gsadmin/PSInfisicalAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity
Files
9a2f81fc02cd5180e257117ba693e82093ed5e67
PSInfisicalAPI/Module/PSInfisicalAPI/bin/en-US/PSInfisicalAPI.dll-Help.xml
T
GraceSolutions 9a2f81fc02
Publish to PowerShell Gallery / build (pull_request) Successful in 30s
Details
Publish to PowerShell Gallery / release (pull_request) Successful in 16s
Details
Publish to PowerShell Gallery / publish (pull_request) Successful in 7s
Details
Build artifacts for 97193d46f2 
Auto-generated by build.ps1 -CommitArtifacts. Build 2026.06.07.1435. Module DLL and manifest embed BuildCommitHash=97193d46f2ff, matching the source commit they were produced from.
2026-06-07 10:35:49 -04:00

2097 lines
142 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh">
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Connect-Infisical</command:name>
<maml:description><maml:para>Establishes an authenticated session with an Infisical server and stores it for use by subsequent cmdlets.</maml:para></maml:description>
<command:verb>Connect</command:verb>
<command:noun>Infisical</command:noun>
</command:details>
<maml:description>
<maml:para>Authenticates against an Infisical instance using one of the supported auth providers (UniversalAuth, Token, JWT, OIDC, LDAP, Azure, GCP IAM) and stores the resulting connection in the module-level session manager. Subsequent cmdlets pick up the connection automatically. If parameters such as BaseUri, OrganizationId, ClientId, or ClientSecret are not supplied, the cmdlet attempts to resolve them from a curated list of environment-variable name patterns across Process, User, and Machine scopes. The connection no longer carries a default ProjectId, Environment, or SecretPath; downstream cmdlets accept those as explicit (mandatory where applicable) parameters.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Use -PassThru to emit the resulting InfisicalConnection object; by default the connection is stored silently. SecureString-typed parameters such as ClientSecret, AccessToken, Jwt, and Password are never logged.</maml:para>
<maml:para>The cmdlet pins the API version to the bound value when -ApiVersion is supplied explicitly; otherwise the default 'v4' is used and remains overridable per-call.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Connect-Infisical -BaseUri 'https://app.infisical.com' -ClientId $ClientId -ClientSecret $ClientSecret -OrganizationId $OrgId</dev:code>
<dev:remarks><maml:para>Performs a Universal-Auth machine-identity login and stores the resulting session for subsequent cmdlets.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$ConnectInfisicalParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$ConnectInfisicalParameters.BaseUri = 'https://app.infisical.com'
$ConnectInfisicalParameters.OrganizationId = $OrganizationId
$ConnectInfisicalParameters.ClientId = $ClientId
$ConnectInfisicalParameters.ClientSecret = $ClientSecret
$ConnectInfisicalParameters.ApiVersion = 'v4'
$ConnectInfisicalParameters.PassThru = $True
$ConnectInfisicalParameters.Verbose = $True
$ConnectInfisicalResult = Connect-Infisical @ConnectInfisicalParameters</dev:code>
<dev:remarks><maml:para>Builds an ordered parameter dictionary, splats it onto Connect-Infisical, and captures the returned InfisicalConnection for later reuse.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Disconnect-Infisical</command:name>
<maml:description><maml:para>Clears the current Infisical session from the module-level session manager.</maml:para></maml:description>
<command:verb>Disconnect</command:verb>
<command:noun>Infisical</command:noun>
</command:details>
<maml:description>
<maml:para>Removes the cached InfisicalConnection so subsequent cmdlets that require an active session will fail until Connect-Infisical is invoked again. The cmdlet does not contact the Infisical server.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Use -PassThru to receive a status object that includes the disconnect timestamp; by default the cmdlet returns no output.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Disconnect-Infisical</dev:code>
<dev:remarks><maml:para>Clears the active Infisical session silently.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$DisconnectInfisicalParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$DisconnectInfisicalParameters.PassThru = $True
$DisconnectInfisicalParameters.Verbose = $True
$DisconnectInfisicalResult = Disconnect-Infisical @DisconnectInfisicalParameters</dev:code>
<dev:remarks><maml:para>Disconnects and captures a status object that includes IsConnected and DisconnectedAtUtc for logging.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalSecret</command:name>
<maml:description><maml:para>Lists or retrieves Infisical secrets within a project, environment, and optional folder path.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalSecret</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) enumerates secrets under the supplied project and environment, optionally recursing through subfolders and filtering by metadata or tag slugs. When -SecretName is supplied (Single parameter set) the cmdlet returns one secret by name; -Version and -Type tune the single-record fetch. -ProjectId and -Environment are mandatory in both modes; -SecretPath defaults to '/' and -ApiVersion defaults to the value pinned on the active InfisicalConnection.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Use -Recursive together with -SecretPath to walk an entire folder subtree in List mode. Pipe the result into ConvertTo-InfisicalSecretDictionary for hashtable-style lookup. The returned InfisicalSecret stores the value as SecureString; call .GetPlainTextValue() to materialize the cleartext value only when strictly required.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' -SecretPath '/Windows' -Recursive</dev:code>
<dev:remarks><maml:para>Lists every secret under /Windows in the dev environment of the specified project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalSecret -SecretName 'DATABASE_URL'</dev:code>
<dev:remarks><maml:para>Retrieves the DATABASE_URL secret from the project and environment pinned by Connect-Infisical.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalSecretParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalSecretParameters.ProjectId = $ProjectId
$GetInfisicalSecretParameters.Environment = 'dev'
$GetInfisicalSecretParameters.SecretPath = "/Windows/$($CallingScriptPath.BaseName)"
$GetInfisicalSecretParameters.Recursive = $True
$GetInfisicalSecretParameters.ExpandSecretReferences = $True
$GetInfisicalSecretParameters.IncludeImports = $True
$GetInfisicalSecretParameters.IncludePersonalOverrides = $True
$GetInfisicalSecretParameters.Verbose = $True
$GetInfisicalSecretResult = Get-InfisicalSecret @GetInfisicalSecretParameters</dev:code>
<dev:remarks><maml:para>Lists secrets under a script-specific subpath with imports, personal overrides, and reference expansion enabled.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>New-InfisicalSecret</command:name>
<maml:description><maml:para>Creates a new Infisical secret, with support for SecureString values and bulk creation.</maml:para></maml:description>
<command:verb>New</command:verb>
<command:noun>InfisicalSecret</command:noun>
</command:details>
<maml:description>
<maml:para>Creates one or many secrets. Three parameter sets are supported: PlainText (SecretName + SecretValue), SecureString (SecretName + SecureSecretValue), and Bulk (an array of hashtables piped or supplied via -Secrets). Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Pass -SkipMultilineEncoding when the value already contains literal newlines that the server should preserve verbatim. Use -TagIds to attach tag references at creation time.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>New-InfisicalSecret -SecretName 'API_KEY' -SecretValue 'super-secret-value' -ProjectId $ProjectId -Environment 'dev'</dev:code>
<dev:remarks><maml:para>Creates a single shared secret in the specified project/environment.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalTagResult = Get-InfisicalTag -ProjectId $ProjectId
$NewInfisicalSecretParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$NewInfisicalSecretParameters.SecretName = 'API_KEY'
$NewInfisicalSecretParameters.SecretValue = 'super-secret-value'
$NewInfisicalSecretParameters.SecretComment = 'Issued by deployment pipeline'
$NewInfisicalSecretParameters.ProjectId = $ProjectId
$NewInfisicalSecretParameters.Environment = 'dev'
$NewInfisicalSecretParameters.SecretPath = "/Windows/$($CallingScriptPath.BaseName)"
$NewInfisicalSecretParameters.TagIds = @($GetInfisicalTagResult[0].Id)
$NewInfisicalSecretParameters.Verbose = $True
$NewInfisicalSecretResult = New-InfisicalSecret @NewInfisicalSecretParameters</dev:code>
<dev:remarks><maml:para>Looks up tags to attach, then creates a single secret with a comment and tag association under a script-specific subpath.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Update-InfisicalSecret</command:name>
<maml:description><maml:para>Updates an existing Infisical secret value, comment, name, or tags.</maml:para></maml:description>
<command:verb>Update</command:verb>
<command:noun>InfisicalSecret</command:noun>
</command:details>
<maml:description>
<maml:para>Updates one or many secrets. Supports PlainText, SecureString, and Bulk parameter sets. Use -NewSecretName to rename a secret, -SecretComment to update its comment, and -TagIds to replace tag associations. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Only the parameters you bind are sent; omitted scalar parameters are not modified server-side. The Bulk parameter set accepts pipeline input of hashtables containing SecretName/SecretValue/etc.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Update-InfisicalSecret -SecretName 'API_KEY' -SecretValue 'rotated-value' -ProjectId $ProjectId -Environment 'dev'</dev:code>
<dev:remarks><maml:para>Rotates the API_KEY secret in the specified project/environment.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$UpdateInfisicalSecretParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$UpdateInfisicalSecretParameters.SecretName = 'API_KEY'
$UpdateInfisicalSecretParameters.NewSecretName = 'API_KEY_V2'
$UpdateInfisicalSecretParameters.SecretValue = 'rotated-value'
$UpdateInfisicalSecretParameters.SecretComment = 'Rotated by scheduled job'
$UpdateInfisicalSecretParameters.ProjectId = $ProjectId
$UpdateInfisicalSecretParameters.Environment = 'dev'
$UpdateInfisicalSecretParameters.SecretPath = "/Windows/$($CallingScriptPath.BaseName)"
$UpdateInfisicalSecretParameters.Verbose = $True
$UpdateInfisicalSecretResult = Update-InfisicalSecret @UpdateInfisicalSecretParameters</dev:code>
<dev:remarks><maml:para>Rotates the value, renames the secret, and updates its comment in a single call.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Remove-InfisicalSecret</command:name>
<maml:description><maml:para>Deletes one or many Infisical secrets by name.</maml:para></maml:description>
<command:verb>Remove</command:verb>
<command:noun>InfisicalSecret</command:noun>
</command:details>
<maml:description>
<maml:para>Deletes a single secret (Single parameter set) or a batch of secrets by name (Bulk parameter set). High ConfirmImpact triggers prompts by default. -PassThru emits the removed secret names.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Removal is irreversible from this cmdlet's perspective; rely on Infisical's audit log or secret-version history for forensics. Honors -WhatIf and -Confirm.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Remove-InfisicalSecret -SecretName 'API_KEY_V1' -ProjectId $ProjectId -Environment 'dev' -Confirm:$False</dev:code>
<dev:remarks><maml:para>Deletes a single secret without prompting.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$RemoveInfisicalSecretParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$RemoveInfisicalSecretParameters.SecretNames = @('LEGACY_KEY_1','LEGACY_KEY_2','LEGACY_KEY_3')
$RemoveInfisicalSecretParameters.ProjectId = $ProjectId
$RemoveInfisicalSecretParameters.Environment = 'dev'
$RemoveInfisicalSecretParameters.SecretPath = "/Windows/$($CallingScriptPath.BaseName)"
$RemoveInfisicalSecretParameters.PassThru = $True
$RemoveInfisicalSecretParameters.Confirm = $False
$RemoveInfisicalSecretParameters.Verbose = $True
$RemoveInfisicalSecretResult = Remove-InfisicalSecret @RemoveInfisicalSecretParameters</dev:code>
<dev:remarks><maml:para>Bulk-deletes three legacy secrets and returns the removed names for audit logging.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Copy-InfisicalSecret</command:name>
<maml:description><maml:para>Duplicates one or more secrets into a different environment or secret path.</maml:para></maml:description>
<command:verb>Copy</command:verb>
<command:noun>InfisicalSecret</command:noun>
</command:details>
<maml:description>
<maml:para>Server-side duplicates an array of secret IDs into a destination environment (and optional destination path), with switches that control whether the value, comment, tags, and metadata are copied. Use Get-InfisicalSecret followed by selection of the desired Id values to feed -SecretId.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Set -OverwriteExisting to replace same-named secrets at the destination. Without -CopySecretValue, the destination secrets are created with empty values, preserving only metadata.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' | Select-Object -ExpandProperty Id | Copy-InfisicalSecret -ProjectId $ProjectId -SourceEnvironment 'dev' -DestinationEnvironment 'staging' -CopySecretValue</dev:code>
<dev:remarks><maml:para>Copies all secrets from dev into staging, including their values.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalSecretResult = Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' -SecretPath '/Windows' -Recursive
$CopyInfisicalSecretParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$CopyInfisicalSecretParameters.SecretId = $GetInfisicalSecretResult.Id
$CopyInfisicalSecretParameters.ProjectId = $ProjectId
$CopyInfisicalSecretParameters.SourceEnvironment = 'dev'
$CopyInfisicalSecretParameters.SourceSecretPath = '/Windows'
$CopyInfisicalSecretParameters.DestinationEnvironment = 'staging'
$CopyInfisicalSecretParameters.DestinationSecretPath = '/Windows'
$CopyInfisicalSecretParameters.OverwriteExisting = $True
$CopyInfisicalSecretParameters.CopySecretValue = $True
$CopyInfisicalSecretParameters.CopySecretComment = $True
$CopyInfisicalSecretParameters.CopyTags = $True
$CopyInfisicalSecretParameters.CopyMetadata = $True
$CopyInfisicalSecretParameters.Verbose = $True
$CopyInfisicalSecretResult = Copy-InfisicalSecret @CopyInfisicalSecretParameters</dev:code>
<dev:remarks><maml:para>Promotes every Windows secret from dev into staging with full value/comment/tag/metadata propagation.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>ConvertTo-InfisicalSecretDictionary</command:name>
<maml:description><maml:para>Converts a stream of InfisicalSecret objects into a name-keyed Dictionary of SecureString or plain text values.</maml:para></maml:description>
<command:verb>ConvertTo</command:verb>
<command:noun>InfisicalSecretDictionary</command:noun>
</command:details>
<maml:description>
<maml:para>Aggregates an incoming pipeline of InfisicalSecret objects into a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText to materialize string values. Duplicate keys are handled via the -DuplicateKeyBehavior parameter (Error, FirstWins, LastWins). -Prefix prepends a string to every dictionary key (e.g. SecretName 'API_KEY' with -Prefix 'MYAPP_' becomes key 'MYAPP_API_KEY'); the underlying InfisicalSecret objects are not mutated. A SecretName that already starts with -Prefix (case-insensitive) is left as-is to avoid double-prefixing; pass -ForcePrefix to always prepend.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Use this conversion before splatting secrets into another process (-AsPlainText) or before passing them to libraries that expect SecureString-keyed lookups (default).</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' | ConvertTo-InfisicalSecretDictionary -AsPlainText</dev:code>
<dev:remarks><maml:para>Builds a plain-text dictionary of every secret in the dev environment of the specified project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalSecretResult = Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' -SecretPath "/Windows/$($CallingScriptPath.BaseName)" -Recursive
$ConvertToInfisicalSecretDictionaryParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$ConvertToInfisicalSecretDictionaryParameters.InputObject = $GetInfisicalSecretResult
$ConvertToInfisicalSecretDictionaryParameters.DuplicateKeyBehavior = 'LastWins'
$ConvertToInfisicalSecretDictionaryParameters.AsPlainText = $True
$ConvertToInfisicalSecretDictionaryParameters.Verbose = $True
$ConvertToInfisicalSecretDictionaryResult = ConvertTo-InfisicalSecretDictionary @ConvertToInfisicalSecretDictionaryParameters</dev:code>
<dev:remarks><maml:para>Aggregates recursive secret results into a plain-text dictionary, with the last value winning on key collisions.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' | ConvertTo-InfisicalSecretDictionary -Prefix 'MYAPP_' -AsPlainText</dev:code>
<dev:remarks><maml:para>Builds a plain-text dictionary whose keys are namespaced with 'MYAPP_' (e.g. API_KEY becomes MYAPP_API_KEY); the source InfisicalSecret objects are unchanged.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Export-InfisicalSecrets</command:name>
<maml:description><maml:para>Exports InfisicalSecret objects to disk or environment variables in a chosen file format.</maml:para></maml:description>
<command:verb>Export</command:verb>
<command:noun>InfisicalSecrets</command:noun>
</command:details>
<maml:description>
<maml:para>Buffers an incoming pipeline of InfisicalSecret objects and writes them to a file in the requested format (DotEnv, Json, Yaml, EnvironmentVariables, etc.) or sets them as environment variables on the chosen scope (Process, User, Machine). -Encoding controls text encoding for file outputs. -Prefix prepends a string to every emitted variable name regardless of format; names that already start with -Prefix (case-insensitive) are left as-is to avoid double-prefixing. Pass -ForcePrefix to always prepend.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>EnvironmentVariables format does not require -Path; all other formats do. User/Machine scopes require appropriate privileges (Machine scope requires elevation on Windows).</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' | Export-InfisicalSecrets -Format DotEnv -Path '.\.env' -Force</dev:code>
<dev:remarks><maml:para>Writes the dev environment's secrets for the specified project to a .env file.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalSecretResult = Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' -SecretPath "/Windows/$($CallingScriptPath.BaseName)" -Recursive
$ExportInfisicalSecretsParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$ExportInfisicalSecretsParameters.InputObject = $GetInfisicalSecretResult
$ExportInfisicalSecretsParameters.Format = 'EnvironmentVariables'
$ExportInfisicalSecretsParameters.Scope = 'Process'
$ExportInfisicalSecretsParameters.Force = $True
$ExportInfisicalSecretsParameters.Verbose = $True
$ExportInfisicalSecretsResult = Export-InfisicalSecrets @ExportInfisicalSecretsParameters</dev:code>
<dev:remarks><maml:para>Projects the recursive secret result into Process-scope environment variables for the current PowerShell session.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>Get-InfisicalSecret -ProjectId $ProjectId -Environment 'dev' | Export-InfisicalSecrets -Format EnvironmentVariables -Scope Process -Prefix 'MYAPP_'</dev:code>
<dev:remarks><maml:para>Imports secrets into the process environment with every variable name prefixed by 'MYAPP_' (e.g. API_KEY becomes MYAPP_API_KEY).</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Import-InfisicalSecret</command:name>
<maml:description><maml:para>Reads a previously exported secrets file (Json, Yaml, Env, or Xml) back into a name-keyed Dictionary.</maml:para></maml:description>
<command:verb>Import</command:verb>
<command:noun>InfisicalSecret</command:noun>
</command:details>
<maml:description>
<maml:para>Loads the file at -Path (which must exist) using the parser matching -Format and returns a case-insensitive Dictionary keyed by SecretName. By default values are SecureString; pass -AsPlainText for a plain string dictionary. -Prefix prepends to every emitted key; keys already starting with -Prefix (case-insensitive) are left as-is to avoid double-prefixing, and -ForcePrefix overrides that gate. -DuplicateKeyBehavior controls collision handling (Error, FirstWins, LastWins). The EnvironmentVariables format is intentionally not supported here; use [Environment]::GetEnvironmentVariable or Get-InfisicalEnvironmentVariable for environment-backed values.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Importers expect the same schema that Export-InfisicalSecrets produces (Json/Yaml = array or 'Secrets' root list of {SecretName, SecretValue}; Xml = &lt;Secrets&gt;&lt;Secret&gt;&lt;SecretName/&gt;&lt;SecretValue/&gt;; Env = KEY=VALUE per line, '#' comments allowed). JSON and YAML additionally accept a flat key/value object as a convenience.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>$Secrets = Import-InfisicalSecret -Path '.\secrets.json' -Format Json</dev:code>
<dev:remarks><maml:para>Reads a JSON export back into a Dictionary&lt;string, SecureString&gt; keyed by the original SecretName values.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$ImportInfisicalSecretParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$ImportInfisicalSecretParameters.Path = [System.IO.FileInfo]'.\secrets.env'
$ImportInfisicalSecretParameters.Format = 'Env'
$ImportInfisicalSecretParameters.Prefix = 'MYAPP_'
$ImportInfisicalSecretParameters.DuplicateKeyBehavior = 'LastWins'
$ImportInfisicalSecretParameters.AsPlainText = $True
$ImportInfisicalSecretResult = Import-InfisicalSecret @ImportInfisicalSecretParameters</dev:code>
<dev:remarks><maml:para>Loads a .env file into a plain-text dictionary, namespacing every key with 'MYAPP_' and letting the last occurrence win on duplicates.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalProject</command:name>
<maml:description><maml:para>Lists or retrieves Infisical projects accessible to the current identity.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalProject</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) returns every project the active session can see; project visibility is governed by Infisical's role assignments. -Type filters the list to a single product surface (secret-manager, cert-manager, kms, ssh, secret-scanning, pam, ai). -IncludeRoles asks the server to return the caller's role bindings on each project. When -ProjectId is supplied (Single parameter set) the cmdlet returns the one matching record.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>The List-mode result is an array of InfisicalProject objects; pipe into Where-Object or Select-Object to filter by Slug, Name, or Id. The cmdlet accepts pipeline input by property name on -ProjectId.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalProject</dev:code>
<dev:remarks><maml:para>Lists every project the current session can see.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalProject -ProjectId $ProjectId</dev:code>
<dev:remarks><maml:para>Retrieves the canonical record for a single project by id.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>Get-InfisicalProject -Type 'cert-manager' -IncludeRoles</dev:code>
<dev:remarks><maml:para>Lists every Certificate Manager project visible to the session, including the caller's role bindings.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 4</maml:title>
<dev:code>$GetInfisicalProjectListResult = Get-InfisicalProject -Type 'secret-manager' | Where-Object { $_.Slug -ilike 'platform-*' }
$GetInfisicalProjectParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalProjectParameters.ProjectId = $GetInfisicalProjectListResult[0].Id
$GetInfisicalProjectParameters.Verbose = $True
$GetInfisicalProjectResult = Get-InfisicalProject @GetInfisicalProjectParameters</dev:code>
<dev:remarks><maml:para>Filters Secret Manager projects to slugs that begin with 'platform-' and refetches the first match by id.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>New-InfisicalProject</command:name>
<maml:description><maml:para>Creates a new Infisical project in the active organization.</maml:para></maml:description>
<command:verb>New</command:verb>
<command:noun>InfisicalProject</command:noun>
</command:details>
<maml:description>
<maml:para>Creates a project with the supplied name and optional slug, description, type, and organization id. If -OrganizationId is not supplied, the active session's organization is used. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Slug must be unique within the organization; if not supplied, the server derives one from the project name.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>New-InfisicalProject -ProjectName 'Platform Telemetry'</dev:code>
<dev:remarks><maml:para>Creates a new project named 'Platform Telemetry' in the active organization.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$NewInfisicalProjectParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$NewInfisicalProjectParameters.ProjectName = 'Platform Telemetry'
$NewInfisicalProjectParameters.Slug = 'platform-telemetry'
$NewInfisicalProjectParameters.Description = 'Secrets for platform telemetry pipeline'
$NewInfisicalProjectParameters.Type = 'secret-manager'
$NewInfisicalProjectParameters.OrganizationId = $ConnectInfisicalParameters.OrganizationId
$NewInfisicalProjectParameters.Verbose = $True
$NewInfisicalProjectResult = New-InfisicalProject @NewInfisicalProjectParameters</dev:code>
<dev:remarks><maml:para>Creates a project with an explicit slug, description, and type bound to a specific organization id.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Update-InfisicalProject</command:name>
<maml:description><maml:para>Updates the name, description, or auto-capitalization flag on an existing project.</maml:para></maml:description>
<command:verb>Update</command:verb>
<command:noun>InfisicalProject</command:noun>
</command:details>
<maml:description>
<maml:para>Updates mutable attributes on a project. -ProjectId is required. Only parameters that are bound are sent to the server. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>AutoCapitalization controls whether secret names submitted in mixed case are stored uppercase server-side; setting it false preserves the literal case supplied by clients.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Update-InfisicalProject -Name 'Platform Telemetry (v2)'</dev:code>
<dev:remarks><maml:para>Renames the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalProjectResult = Get-InfisicalProject | Where-Object { $_.Slug -eq 'platform-telemetry' }
$UpdateInfisicalProjectParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$UpdateInfisicalProjectParameters.ProjectId = $GetInfisicalProjectResult.Id
$UpdateInfisicalProjectParameters.Name = 'Platform Telemetry (v2)'
$UpdateInfisicalProjectParameters.Description = 'Migrated to v2 pipeline'
$UpdateInfisicalProjectParameters.AutoCapitalization = $False
$UpdateInfisicalProjectParameters.Verbose = $True
$UpdateInfisicalProjectResult = Update-InfisicalProject @UpdateInfisicalProjectParameters</dev:code>
<dev:remarks><maml:para>Locates the project by slug, renames it, updates the description, and disables auto-capitalization.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Remove-InfisicalProject</command:name>
<maml:description><maml:para>Deletes an Infisical project.</maml:para></maml:description>
<command:verb>Remove</command:verb>
<command:noun>InfisicalProject</command:noun>
</command:details>
<maml:description>
<maml:para>Deletes a project by Id. -ProjectId is required. High ConfirmImpact prompts unless -Confirm:$False is supplied. -PassThru emits the removed project id.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>This is destructive and removes all secrets, environments, folders, and tags within the project. Honors -WhatIf and -Confirm.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Remove-InfisicalProject -Confirm:$False</dev:code>
<dev:remarks><maml:para>Deletes the supplied project without prompting.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalProjectResult = Get-InfisicalProject | Where-Object { $_.Slug -eq 'sandbox-temp' }
$RemoveInfisicalProjectParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$RemoveInfisicalProjectParameters.ProjectId = $GetInfisicalProjectResult.Id
$RemoveInfisicalProjectParameters.PassThru = $True
$RemoveInfisicalProjectParameters.Confirm = $False
$RemoveInfisicalProjectParameters.Verbose = $True
$RemoveInfisicalProjectResult = Remove-InfisicalProject @RemoveInfisicalProjectParameters</dev:code>
<dev:remarks><maml:para>Finds the sandbox project by slug, removes it without confirmation, and emits the removed project id for logging.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalEnvironment</command:name>
<maml:description><maml:para>Lists or retrieves Infisical environments defined on a project.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalEnvironment</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) returns every environment configured on the supplied project. When -EnvironmentSlugOrId is supplied (Single parameter set) the cmdlet returns one environment by slug or id. -ProjectId is required in both modes.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Each InfisicalEnvironment carries both Id and Slug; downstream cmdlets accept either form on -Environment-like parameters. Accepts pipeline input by property name on -EnvironmentSlugOrId.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalEnvironment</dev:code>
<dev:remarks><maml:para>Lists every environment defined on the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalEnvironment -EnvironmentSlugOrId 'dev'</dev:code>
<dev:remarks><maml:para>Retrieves the 'dev' environment from the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalProjectResult = Get-InfisicalProject | Where-Object { $_.Slug -eq 'platform-telemetry' }
$GetInfisicalEnvironmentParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalEnvironmentParameters.EnvironmentSlugOrId = 'dev'
$GetInfisicalEnvironmentParameters.ProjectId = $GetInfisicalProjectResult.Id
$GetInfisicalEnvironmentParameters.Verbose = $True
$GetInfisicalEnvironmentResult = Get-InfisicalEnvironment @GetInfisicalEnvironmentParameters</dev:code>
<dev:remarks><maml:para>Resolves a project by slug and re-fetches the dev environment record by slug under that project.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>New-InfisicalEnvironment</command:name>
<maml:description><maml:para>Creates a new environment on an Infisical project.</maml:para></maml:description>
<command:verb>New</command:verb>
<command:noun>InfisicalEnvironment</command:noun>
</command:details>
<maml:description>
<maml:para>Creates an environment with the supplied display name and slug, optionally setting its sort -Position. -ProjectId is required. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Slugs must be unique within the project and are used as the canonical -Environment value across all other cmdlets.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>New-InfisicalEnvironment -Name 'Staging' -Slug 'staging'</dev:code>
<dev:remarks><maml:para>Adds a Staging environment to the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalProjectResult = Get-InfisicalProject | Where-Object { $_.Slug -eq 'platform-telemetry' }
$NewInfisicalEnvironmentParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$NewInfisicalEnvironmentParameters.ProjectId = $GetInfisicalProjectResult.Id
$NewInfisicalEnvironmentParameters.Name = 'Staging'
$NewInfisicalEnvironmentParameters.Slug = 'staging'
$NewInfisicalEnvironmentParameters.Position = 20
$NewInfisicalEnvironmentParameters.Verbose = $True
$NewInfisicalEnvironmentResult = New-InfisicalEnvironment @NewInfisicalEnvironmentParameters</dev:code>
<dev:remarks><maml:para>Adds a Staging environment at sort position 20 on the resolved project.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Update-InfisicalEnvironment</command:name>
<maml:description><maml:para>Updates the name, slug, or sort order of an existing Infisical environment.</maml:para></maml:description>
<command:verb>Update</command:verb>
<command:noun>InfisicalEnvironment</command:noun>
</command:details>
<maml:description>
<maml:para>Updates an environment identified by -EnvironmentId. -ProjectId is required. Only bound parameters are sent to the server. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Changing -Slug can break downstream automation that pins to the previous slug. Coordinate slug rotation with consumers.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Update-InfisicalEnvironment -EnvironmentId $EnvId -Name 'Pre-Production'</dev:code>
<dev:remarks><maml:para>Renames an environment in the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalEnvironmentResult = Get-InfisicalEnvironment | Where-Object { $_.Slug -eq 'staging' }
$UpdateInfisicalEnvironmentParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$UpdateInfisicalEnvironmentParameters.EnvironmentId = $GetInfisicalEnvironmentResult.Id
$UpdateInfisicalEnvironmentParameters.ProjectId = $ProjectId
$UpdateInfisicalEnvironmentParameters.Name = 'Pre-Production'
$UpdateInfisicalEnvironmentParameters.Slug = 'preprod'
$UpdateInfisicalEnvironmentParameters.Position = 25
$UpdateInfisicalEnvironmentParameters.Verbose = $True
$UpdateInfisicalEnvironmentResult = Update-InfisicalEnvironment @UpdateInfisicalEnvironmentParameters</dev:code>
<dev:remarks><maml:para>Locates the staging environment, renames it to Pre-Production, rotates its slug, and updates its sort order.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Remove-InfisicalEnvironment</command:name>
<maml:description><maml:para>Deletes an Infisical environment from a project.</maml:para></maml:description>
<command:verb>Remove</command:verb>
<command:noun>InfisicalEnvironment</command:noun>
</command:details>
<maml:description>
<maml:para>Removes an environment by Id. -ProjectId is required. High ConfirmImpact prompts unless -Confirm:$False is supplied. -PassThru emits the removed environment id.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Removing an environment deletes every secret and folder scoped to it. Honors -WhatIf and -Confirm.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Remove-InfisicalEnvironment -EnvironmentId $EnvId -Confirm:$False</dev:code>
<dev:remarks><maml:para>Deletes an environment without prompting.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalEnvironmentResult = Get-InfisicalEnvironment | Where-Object { $_.Slug -eq 'sandbox' }
$RemoveInfisicalEnvironmentParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$RemoveInfisicalEnvironmentParameters.EnvironmentId = $GetInfisicalEnvironmentResult.Id
$RemoveInfisicalEnvironmentParameters.ProjectId = $ProjectId
$RemoveInfisicalEnvironmentParameters.PassThru = $True
$RemoveInfisicalEnvironmentParameters.Confirm = $False
$RemoveInfisicalEnvironmentParameters.Verbose = $True
$RemoveInfisicalEnvironmentResult = Remove-InfisicalEnvironment @RemoveInfisicalEnvironmentParameters</dev:code>
<dev:remarks><maml:para>Removes the sandbox environment without prompting and emits its id for the audit trail.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalFolder</command:name>
<maml:description><maml:para>Lists or retrieves Infisical folders at a given secret path.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalFolder</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) enumerates folders directly under the supplied -Path within the project and environment. When -FolderNameOrId is supplied (Single parameter set) the cmdlet returns one folder by name or id under -Path. -ProjectId and -Environment are required in both modes; -Path defaults to '/'.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>List mode is a non-recursive listing of immediate subfolders. To enumerate secrets across a folder subtree use Get-InfisicalSecret -Recursive. Accepts pipeline input by property name on -FolderNameOrId.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalFolder -ProjectId $ProjectId -Environment 'dev' -Path '/Windows'</dev:code>
<dev:remarks><maml:para>Lists every folder directly under /Windows in the supplied project and environment.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalFolder -FolderNameOrId 'Deployments' -ProjectId $ProjectId -Environment 'dev' -Path '/Windows'</dev:code>
<dev:remarks><maml:para>Retrieves the Deployments folder under /Windows in the supplied project and environment.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalFolderListResult = Get-InfisicalFolder -Path '/Windows' | Where-Object { $_.Name -eq 'Deployments' }
$GetInfisicalFolderParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalFolderParameters.FolderNameOrId = $GetInfisicalFolderListResult.Id
$GetInfisicalFolderParameters.ProjectId = $ProjectId
$GetInfisicalFolderParameters.Environment = 'dev'
$GetInfisicalFolderParameters.Path = '/Windows'
$GetInfisicalFolderParameters.Verbose = $True
$GetInfisicalFolderResult = Get-InfisicalFolder @GetInfisicalFolderParameters</dev:code>
<dev:remarks><maml:para>Locates the folder by name first, then re-fetches it by id to refresh the canonical record.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>New-InfisicalFolder</command:name>
<maml:description><maml:para>Creates a new Infisical folder under the supplied parent path.</maml:para></maml:description>
<command:verb>New</command:verb>
<command:noun>InfisicalFolder</command:noun>
</command:details>
<maml:description>
<maml:para>Creates a folder with the supplied -Name beneath the supplied -Path. -ProjectId and -Environment are required; -Path defaults to '/'. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Folder names are case-sensitive and must be unique within a parent path; the cmdlet does not create intermediate folders.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>New-InfisicalFolder -Name 'Deployments' -ProjectId $ProjectId -Environment 'dev' -Path '/Windows'</dev:code>
<dev:remarks><maml:para>Creates the Deployments folder under /Windows in the supplied project and environment.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$NewInfisicalFolderParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$NewInfisicalFolderParameters.Name = $CallingScriptPath.BaseName
$NewInfisicalFolderParameters.ProjectId = $ProjectId
$NewInfisicalFolderParameters.Environment = 'dev'
$NewInfisicalFolderParameters.Path = '/Windows'
$NewInfisicalFolderParameters.Verbose = $True
$NewInfisicalFolderResult = New-InfisicalFolder @NewInfisicalFolderParameters</dev:code>
<dev:remarks><maml:para>Creates a script-named folder under /Windows in the supplied project and environment.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Update-InfisicalFolder</command:name>
<maml:description><maml:para>Renames an existing Infisical folder.</maml:para></maml:description>
<command:verb>Update</command:verb>
<command:noun>InfisicalFolder</command:noun>
</command:details>
<maml:description>
<maml:para>Renames a folder identified by -FolderId to the supplied -Name. -ProjectId and -Environment are required; -Path defaults to '/'. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Renaming a folder rewrites the path component for every secret beneath it; coordinate with consumers that pin to the previous path.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Update-InfisicalFolder -FolderId $FolderId -Name 'Deployments-Archive'</dev:code>
<dev:remarks><maml:para>Renames a folder in the supplied project/environment.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalFolderResult = Get-InfisicalFolder -Path '/Windows' | Where-Object { $_.Name -eq 'Deployments' }
$UpdateInfisicalFolderParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$UpdateInfisicalFolderParameters.FolderId = $GetInfisicalFolderResult.Id
$UpdateInfisicalFolderParameters.Name = 'Deployments-Archive'
$UpdateInfisicalFolderParameters.ProjectId = $ProjectId
$UpdateInfisicalFolderParameters.Environment = 'dev'
$UpdateInfisicalFolderParameters.Path = '/Windows'
$UpdateInfisicalFolderParameters.Verbose = $True
$UpdateInfisicalFolderResult = Update-InfisicalFolder @UpdateInfisicalFolderParameters</dev:code>
<dev:remarks><maml:para>Resolves the folder by name and renames it to Deployments-Archive.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Remove-InfisicalFolder</command:name>
<maml:description><maml:para>Deletes an Infisical folder and all secrets it contains.</maml:para></maml:description>
<command:verb>Remove</command:verb>
<command:noun>InfisicalFolder</command:noun>
</command:details>
<maml:description>
<maml:para>Removes a folder by Id from the supplied -Path. -ProjectId and -Environment are required; -Path defaults to '/'. High ConfirmImpact prompts unless -Confirm:$False is supplied. -PassThru emits the removed folder id.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>This is destructive and removes every secret and subfolder under the target folder. Honors -WhatIf and -Confirm.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Remove-InfisicalFolder -FolderId $FolderId -Confirm:$False</dev:code>
<dev:remarks><maml:para>Deletes a folder from the supplied project/environment without prompting.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalFolderResult = Get-InfisicalFolder -Path '/Windows' | Where-Object { $_.Name -eq $CallingScriptPath.BaseName }
$RemoveInfisicalFolderParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$RemoveInfisicalFolderParameters.FolderId = $GetInfisicalFolderResult.Id
$RemoveInfisicalFolderParameters.ProjectId = $ProjectId
$RemoveInfisicalFolderParameters.Environment = 'dev'
$RemoveInfisicalFolderParameters.Path = '/Windows'
$RemoveInfisicalFolderParameters.PassThru = $True
$RemoveInfisicalFolderParameters.Confirm = $False
$RemoveInfisicalFolderParameters.Verbose = $True
$RemoveInfisicalFolderResult = Remove-InfisicalFolder @RemoveInfisicalFolderParameters</dev:code>
<dev:remarks><maml:para>Resolves the script-named folder under /Windows and removes it without prompting, returning its id for logging.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalTag</command:name>
<maml:description><maml:para>Lists or retrieves Infisical tags defined on a project.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalTag</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) returns every tag configured on the project. When -TagSlugOrId is supplied (Single parameter set) the cmdlet returns the one matching record. -ProjectId is required in both modes.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Tag Ids returned here are the values to pass on -TagIds when creating or updating secrets. Accepts pipeline input by property name on -TagSlugOrId.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalTag</dev:code>
<dev:remarks><maml:para>Lists every tag defined on the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalTag -TagSlugOrId 'critical'</dev:code>
<dev:remarks><maml:para>Retrieves the 'critical' tag from the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalProjectResult = Get-InfisicalProject | Where-Object { $_.Slug -eq 'platform-telemetry' }
$GetInfisicalTagParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalTagParameters.TagSlugOrId = 'critical'
$GetInfisicalTagParameters.ProjectId = $GetInfisicalProjectResult.Id
$GetInfisicalTagParameters.Verbose = $True
$GetInfisicalTagResult = Get-InfisicalTag @GetInfisicalTagParameters</dev:code>
<dev:remarks><maml:para>Resolves a project by slug and refetches the 'critical' tag from that project.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>New-InfisicalTag</command:name>
<maml:description><maml:para>Creates a new Infisical tag on a project.</maml:para></maml:description>
<command:verb>New</command:verb>
<command:noun>InfisicalTag</command:noun>
</command:details>
<maml:description>
<maml:para>Creates a tag with the supplied -Slug, optional -Name and -Color. -ProjectId is required. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Tag slugs must be unique within the project and are the canonical reference used by tag-filtered secret lookups.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>New-InfisicalTag -Slug 'critical' -Name 'Critical' -Color '#FF0000'</dev:code>
<dev:remarks><maml:para>Creates a red Critical tag in the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$NewInfisicalTagParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$NewInfisicalTagParameters.Slug = 'critical'
$NewInfisicalTagParameters.Name = 'Critical'
$NewInfisicalTagParameters.Color = '#FF0000'
$NewInfisicalTagParameters.ProjectId = $ProjectId
$NewInfisicalTagParameters.Verbose = $True
$NewInfisicalTagResult = New-InfisicalTag @NewInfisicalTagParameters</dev:code>
<dev:remarks><maml:para>Creates a red Critical tag against an explicitly supplied project id.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Update-InfisicalTag</command:name>
<maml:description><maml:para>Updates the slug, name, or color of an existing Infisical tag.</maml:para></maml:description>
<command:verb>Update</command:verb>
<command:noun>InfisicalTag</command:noun>
</command:details>
<maml:description>
<maml:para>Updates a tag identified by -TagId. -ProjectId is required. Only bound parameters are sent to the server. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Changing -Slug breaks tag-filtered automation that pins to the previous slug. Coordinate slug rotation with consumers.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Update-InfisicalTag -TagId $TagId -Color '#FFA500'</dev:code>
<dev:remarks><maml:para>Changes the display color of a tag in the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalTagResult = Get-InfisicalTag | Where-Object { $_.Slug -eq 'critical' }
$UpdateInfisicalTagParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$UpdateInfisicalTagParameters.TagId = $GetInfisicalTagResult.Id
$UpdateInfisicalTagParameters.Slug = 'critical-v2'
$UpdateInfisicalTagParameters.Name = 'Critical (v2)'
$UpdateInfisicalTagParameters.Color = '#FFA500'
$UpdateInfisicalTagParameters.ProjectId = $ProjectId
$UpdateInfisicalTagParameters.Verbose = $True
$UpdateInfisicalTagResult = Update-InfisicalTag @UpdateInfisicalTagParameters</dev:code>
<dev:remarks><maml:para>Locates the critical tag and rotates its slug, display name, and color.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Remove-InfisicalTag</command:name>
<maml:description><maml:para>Deletes an Infisical tag from a project.</maml:para></maml:description>
<command:verb>Remove</command:verb>
<command:noun>InfisicalTag</command:noun>
</command:details>
<maml:description>
<maml:para>Removes a tag by Id. -ProjectId is required. High ConfirmImpact prompts unless -Confirm:$False is supplied. -PassThru emits the removed tag id.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Removing a tag detaches it from every secret it was applied to but does not delete the secrets themselves. Honors -WhatIf and -Confirm.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Remove-InfisicalTag -TagId $TagId -Confirm:$False</dev:code>
<dev:remarks><maml:para>Deletes a tag from the supplied project without prompting.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalTagResult = Get-InfisicalTag | Where-Object { $_.Slug -eq 'critical-v2' }
$RemoveInfisicalTagParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$RemoveInfisicalTagParameters.TagId = $GetInfisicalTagResult.Id
$RemoveInfisicalTagParameters.ProjectId = $ProjectId
$RemoveInfisicalTagParameters.PassThru = $True
$RemoveInfisicalTagParameters.Confirm = $False
$RemoveInfisicalTagParameters.Verbose = $True
$RemoveInfisicalTagResult = Remove-InfisicalTag @RemoveInfisicalTagParameters</dev:code>
<dev:remarks><maml:para>Resolves a tag by slug and removes it without prompting, returning its id for the audit trail.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalCertificateAuthority</command:name>
<maml:description><maml:para>Lists or retrieves Infisical Certificate Authorities.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalCertificateAuthority</command:noun>
</command:details>
<maml:description>
<maml:para>When -CaId is supplied (ById parameter set) returns a single internal CA. Otherwise (List parameter set) returns CAs scoped by -Kind: Internal (default, /api/v1/cert-manager/ca/internal), Any (/api/v1/cert-manager/ca returning both internal and ACME), or Acme (filters the generic endpoint to ACME issuers only). -ProjectId is required.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>ByID retrieval currently always resolves against the internal CA endpoint. CA Ids returned here are the values to pass on -CertificateAuthorityId to Request-InfisicalCertificate. The Type property distinguishes 'internal' from 'acme' when -Kind Any is used.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalCertificateAuthority</dev:code>
<dev:remarks><maml:para>Lists every internal CA visible in the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalCertificateAuthority -Kind Any</dev:code>
<dev:remarks><maml:para>Lists every CA (internal and ACME) visible in the supplied project; inspect the Type property to distinguish them.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalCertificateAuthorityListResult = Get-InfisicalCertificateAuthority | Where-Object { $_.FriendlyName -eq 'Issuing CA - Platform' }
$GetInfisicalCertificateAuthorityParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalCertificateAuthorityParameters.CaId = $GetInfisicalCertificateAuthorityListResult.Id
$GetInfisicalCertificateAuthorityParameters.ProjectId = $ProjectId
$GetInfisicalCertificateAuthorityParameters.Verbose = $True
$GetInfisicalCertificateAuthorityResult = Get-InfisicalCertificateAuthority @GetInfisicalCertificateAuthorityParameters</dev:code>
<dev:remarks><maml:para>Filters the CA list by friendly name and then re-fetches the canonical CA record by id using a splatted parameter set.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalCertificate</command:name>
<maml:description><maml:para>Lists or retrieves Infisical certificates in a project, with optional filters and automatic paging.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalCertificate</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) enumerates certificates with optional filters for -CommonName, -FriendlyName, -Status, and -CaId; -Limit and -Offset drive a single page and pages are walked automatically until exhausted unless -NoAutoPage is supplied. When -SerialNumber is supplied (Single parameter set) the cmdlet returns one certificate record. -ProjectId is required in both modes.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Single mode returns metadata only; to obtain certificate and chain PEM material use ConvertTo-InfisicalCertificate or Export-InfisicalCertificate. Accepts pipeline input by property name on -SerialNumber.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalCertificate -Status 'active'</dev:code>
<dev:remarks><maml:para>Lists every active certificate in the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalCertificate -SerialNumber '7A:F2:1B:...:9E'</dev:code>
<dev:remarks><maml:para>Retrieves the certificate record for the supplied serial number.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalCertificateAuthorityListResult = Get-InfisicalCertificateAuthority | Where-Object { $_.FriendlyName -eq 'Issuing CA - Platform' }
$GetInfisicalCertificateParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalCertificateParameters.ProjectId = $ProjectId
$GetInfisicalCertificateParameters.CommonName = $env:COMPUTERNAME
$GetInfisicalCertificateParameters.FriendlyName = 'web-tier'
$GetInfisicalCertificateParameters.Status = 'active'
$GetInfisicalCertificateParameters.CaId = @($GetInfisicalCertificateAuthorityListResult.Id)
$GetInfisicalCertificateParameters.Limit = 100
$GetInfisicalCertificateParameters.Verbose = $True
$GetInfisicalCertificateListResult = Get-InfisicalCertificate @GetInfisicalCertificateParameters</dev:code>
<dev:remarks><maml:para>Resolves the issuing CA, then lists active certificates scoped to that CA, the local hostname, and the 'web-tier' friendly name.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalPkiSubscriber</command:name>
<maml:description><maml:para>Lists or retrieves Infisical PKI subscribers in a project.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalPkiSubscriber</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) returns every PKI subscriber configured on the project. When -Name is supplied (ByName parameter set) the cmdlet returns one subscriber by its slug. -ProjectId is required in both modes.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>The -Name parameter is the subscriber slug; aliases SubscriberName and Slug are accepted. Pass the slug returned here on -PkiSubscriberSlug when calling Request-InfisicalCertificate. Accepts pipeline input by property name on -Name.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalPkiSubscriber</dev:code>
<dev:remarks><maml:para>Lists every PKI subscriber defined on the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalPkiSubscriber -Name 'mecm'</dev:code>
<dev:remarks><maml:para>Retrieves the 'mecm' PKI subscriber from the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalPkiSubscriberListResult = Get-InfisicalPkiSubscriber | Where-Object { $_.Name -ilike 'mecm*' }
$GetInfisicalPkiSubscriberParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalPkiSubscriberParameters.Name = $GetInfisicalPkiSubscriberListResult[0].Name
$GetInfisicalPkiSubscriberParameters.ProjectId = $ProjectId
$GetInfisicalPkiSubscriberParameters.Verbose = $True
$GetInfisicalPkiSubscriberResult = Get-InfisicalPkiSubscriber @GetInfisicalPkiSubscriberParameters</dev:code>
<dev:remarks><maml:para>Filters subscribers whose name starts with 'mecm' and refetches the canonical record for the first match.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalCertificateProfile</command:name>
<maml:description><maml:para>Lists or retrieves Infisical certificate profiles in a project.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalCertificateProfile</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) returns every certificate profile configured on the project via /api/v1/cert-manager/certificate-profiles, with optional -Limit, -Offset, and -IncludeConfigs. When -ProfileId is supplied (ById parameter set) the cmdlet returns one profile by its id. -ProjectId is required in both modes.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Profiles bind a CA and a certificate policy and surface defaults (TtlDays, KeyAlgorithm, KeyUsages, ExtendedKeyUsages). Use the returned profile Id when wiring profile-based issuance against Request-InfisicalCertificate.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalCertificateProfile</dev:code>
<dev:remarks><maml:para>Lists every certificate profile defined on the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalCertificateProfile -ProfileId '8257641e-c808-454e-ac92-8dc920be865f'</dev:code>
<dev:remarks><maml:para>Retrieves a single certificate profile by id from the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalCertificateProfileListResult = Get-InfisicalCertificateProfile | Where-Object { $_.Slug -ieq 'codesigning' }
$GetInfisicalCertificateProfileParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalCertificateProfileParameters.ProfileId = $GetInfisicalCertificateProfileListResult[0].Id
$GetInfisicalCertificateProfileParameters.ProjectId = $ProjectId
$GetInfisicalCertificateProfileParameters.Verbose = $True
$GetInfisicalCertificateProfileResult = Get-InfisicalCertificateProfile @GetInfisicalCertificateProfileParameters</dev:code>
<dev:remarks><maml:para>Filters profiles whose slug equals 'codesigning' and refetches the canonical record for the first match using a splatted parameter set.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalCertificatePolicy</command:name>
<maml:description><maml:para>Lists or retrieves Infisical certificate policies in a project.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalCertificatePolicy</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) returns every certificate policy configured on the project via /api/v1/cert-manager/certificate-policies, with optional -Limit and -Offset. When -PolicyId is supplied (ById parameter set) the cmdlet returns one policy by its id. -ProjectId is required in both modes.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Policies define the allowed/required subject, SANs, key usages, extended key usages, key algorithms, signature algorithm, and validity windows that certificate profiles enforce. Each profile binds exactly one policy via its CertificatePolicyId.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalCertificatePolicy</dev:code>
<dev:remarks><maml:para>Lists every certificate policy defined on the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalCertificatePolicy -PolicyId '3e69306a-e7c1-4fd2-a140-7fb300e53c43'</dev:code>
<dev:remarks><maml:para>Retrieves a single certificate policy by id from the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalCertificatePolicyListResult = Get-InfisicalCertificatePolicy | Where-Object { $_.Name -ieq 'codesigning' }
$GetInfisicalCertificatePolicyParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalCertificatePolicyParameters.PolicyId = $GetInfisicalCertificatePolicyListResult[0].Id
$GetInfisicalCertificatePolicyParameters.ProjectId = $ProjectId
$GetInfisicalCertificatePolicyParameters.Verbose = $True
$GetInfisicalCertificatePolicyResult = Get-InfisicalCertificatePolicy @GetInfisicalCertificatePolicyParameters</dev:code>
<dev:remarks><maml:para>Filters policies whose name equals 'codesigning' and refetches the canonical record for the first match using a splatted parameter set.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Request-InfisicalCertificate</command:name>
<maml:description><maml:para>Requests a new Infisical certificate (local CSR + sign) or reuses a still-valid existing one.</maml:para></maml:description>
<command:verb>Request</command:verb>
<command:noun>InfisicalCertificate</command:noun>
</command:details>
<maml:description>
<maml:para>Generates a keypair locally, builds a CSR, and submits it for signing via one of three parameter sets: a PKI subscriber (-PkiSubscriberSlug, default), direct CA signing (-CertificateAuthorityId), or a certificate profile (-CertificateProfileId, POSTs to /api/v1/cert-manager/certificates with the profile bound). On subsequent runs an existing certificate whose CN matches and whose remaining lifetime exceeds -RenewalThresholdDays is reused; pass -Force to always issue or -AllowRenewal to allow rotation inside the threshold. Optional flags install the leaf (-Install) and chain (-InstallChain) into a Windows certificate store, and control private-key protection (-PrivateKeyProtection, -PersistKey, -MachineKey, -PrivateKeyPath, -KeyStorageFlags). Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Default -PrivateKeyProtection is 'LocalOnly': the leaf is loaded into memory without persisting the private key and PrivateKeyPem is scrubbed from the emitted result unless -PrivateKeyPath or an explicit -KeyStorageFlags binding overrides it. The reuse path completes its chain from the Infisical bundle when local stores are incomplete; pass -LocalChainOnly to suppress that fetch entirely.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Request-InfisicalCertificate -PkiSubscriberSlug 'web-tier' -Install</dev:code>
<dev:remarks><maml:para>Requests (or reuses) a certificate for the 'web-tier' subscriber and installs it into CurrentUser\My.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$RequestInfisicalCertificateParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$RequestInfisicalCertificateParameters.PkiSubscriberSlug = 'web-tier'
$RequestInfisicalCertificateParameters.ProjectId = $ProjectId
$RequestInfisicalCertificateParameters.CommonName = ([System.Net.Dns]::GetHostEntry($env:COMPUTERNAME)).HostName
$RequestInfisicalCertificateParameters.DnsName = @(([System.Net.Dns]::GetHostEntry($env:COMPUTERNAME)).HostName, $env:COMPUTERNAME)
$RequestInfisicalCertificateParameters.KeyAlgorithm = 'Rsa'
$RequestInfisicalCertificateParameters.KeySize = 3072
$RequestInfisicalCertificateParameters.Install = $True
$RequestInfisicalCertificateParameters.InstallChain = $True
$RequestInfisicalCertificateParameters.StoreName = 'My'
$RequestInfisicalCertificateParameters.StoreLocation = 'LocalMachine'
$RequestInfisicalCertificateParameters.PrivateKeyProtection = 'NonExportable'
$RequestInfisicalCertificateParameters.MachineKey = $True
$RequestInfisicalCertificateParameters.PersistKey = $True
$RequestInfisicalCertificateParameters.AllowRenewal = $True
$RequestInfisicalCertificateParameters.RenewalThresholdDays = 30
$RequestInfisicalCertificateParameters.Verbose = $True
$RequestInfisicalCertificateResult = Request-InfisicalCertificate @RequestInfisicalCertificateParameters</dev:code>
<dev:remarks><maml:para>Issues (or renews within 30 days) a 3072-bit RSA certificate for the local FQDN, installs the leaf and chain into LocalMachine\My with a non-exportable machine-bound persistent key.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$Profile = Get-InfisicalCertificateProfile | Where-Object { $_.Slug -eq 'web-tier-profile' }
Request-InfisicalCertificate -CertificateProfileId $Profile.Id -CommonName 'web01.contoso.com' -Ttl '90d'</dev:code>
<dev:remarks><maml:para>Issues a certificate via the modern profile API (POST /api/v1/cert-manager/certificates). The profile binds the CA, policy, and defaults so no subscriber is required.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>ConvertTo-InfisicalCertificate</command:name>
<maml:description><maml:para>Materializes an X509Certificate2 from an Infisical certificate record, bundle, or serial number.</maml:para></maml:description>
<command:verb>ConvertTo</command:verb>
<command:noun>InfisicalCertificate</command:noun>
</command:details>
<maml:description>
<maml:para>Fetches the certificate bundle (when given an InfisicalCertificate or -SerialNumber), or accepts an already-fetched -Bundle, and constructs an X509Certificate2 from the PEM material. Use -NoPrivateKey to omit the private key, -KeyStorageFlags to control how the key is loaded, and -IncludeChain to additionally emit each chain certificate as a separate X509Certificate2 in the pipeline.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>The bundle for any given certificate is typically retrievable only once after issuance; -SerialNumber and pipeline modes will fail with a bundle-not-available error for older certificates. Use -KeyStorageFlags Exportable when callers need to re-export the resulting cert as PFX.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalCertificate -SerialNumber $Serial | ConvertTo-InfisicalCertificate -IncludeChain</dev:code>
<dev:remarks><maml:para>Materializes the certificate and emits each chain element individually.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalCertificateResult = Get-InfisicalCertificate -Status 'active' | Where-Object { $_.CommonName -eq $env:COMPUTERNAME }
$ConvertToInfisicalCertificateParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$ConvertToInfisicalCertificateParameters.SerialNumber = $GetInfisicalCertificateResult[0].SerialNumber
$ConvertToInfisicalCertificateParameters.NoPrivateKey = $False
$ConvertToInfisicalCertificateParameters.IncludeChain = $True
$ConvertToInfisicalCertificateParameters.KeyStorageFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$ConvertToInfisicalCertificateParameters.Verbose = $True
$ConvertToInfisicalCertificateResult = ConvertTo-InfisicalCertificate @ConvertToInfisicalCertificateParameters</dev:code>
<dev:remarks><maml:para>Selects the active certificate whose CN matches the host and materializes it (with private key and chain) as exportable X509Certificate2 objects.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Export-InfisicalCertificate</command:name>
<maml:description><maml:para>Exports an Infisical certificate to disk in PEM, PFX, or CER format.</maml:para></maml:description>
<command:verb>Export</command:verb>
<command:noun>InfisicalCertificate</command:noun>
</command:details>
<maml:description>
<maml:para>Writes a certificate to -Path in the supplied -Format. Accepts an X509Certificate2, an InfisicalCertificateBundle, an InfisicalCertificate (refetches bundle by serial), or a -SerialNumber. -Password (SecureString) supplies the PFX password. -IncludeChain appends chain certificates (PEM only). -NoPrivateKey omits the private key. -Force overwrites an existing file. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>PFX export requires the cert to have been loaded with X509KeyStorageFlags.Exportable; bundle/serial modes import with Exportable automatically. CER and PFX formats ignore -IncludeChain.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Export-InfisicalCertificate -Path 'C:\Temp\web-tier.pem' -Format Pem -SerialNumber $Serial -IncludeChain</dev:code>
<dev:remarks><maml:para>Exports a certificate, its chain, and private key (when available) as a single PEM bundle.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalCertificateResult = Get-InfisicalCertificate -Status 'active' | Where-Object { $_.CommonName -eq $env:COMPUTERNAME }
$ExportInfisicalCertificateParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$ExportInfisicalCertificateParameters.SerialNumber = $GetInfisicalCertificateResult[0].SerialNumber
$ExportInfisicalCertificateParameters.Path = "C:\Temp\$($env:COMPUTERNAME).pfx"
$ExportInfisicalCertificateParameters.Format = 'Pfx'
$ExportInfisicalCertificateParameters.Password = (Read-Host -AsSecureString -Prompt 'PFX password')
$ExportInfisicalCertificateParameters.Force = $True
$ExportInfisicalCertificateParameters.PassThru = $True
$ExportInfisicalCertificateParameters.Verbose = $True
$ExportInfisicalCertificateResult = Export-InfisicalCertificate @ExportInfisicalCertificateParameters</dev:code>
<dev:remarks><maml:para>Resolves the active host certificate by serial and exports it as a password-protected PFX, overwriting any existing file and emitting a FileInfo for downstream use.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Install-InfisicalCertificate</command:name>
<maml:description><maml:para>Installs an Infisical certificate (and optional chain) into a Windows certificate store.</maml:para></maml:description>
<command:verb>Install</command:verb>
<command:noun>InfisicalCertificate</command:noun>
</command:details>
<maml:description>
<maml:para>Adds a certificate to the supplied -StoreName and -StoreLocation. Accepts an X509Certificate2, an InfisicalCertificate (refetches bundle by serial), or a -SerialNumber. -KeyStorageFlags controls private-key loading. -IncludeChain installs each chain certificate to the CertificateAuthority store of the same -StoreLocation. -Force replaces an existing thumbprint. -PassThru emits the installed certificate. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Installing into LocalMachine stores typically requires elevation. -IncludeChain only fires for serial/InfisicalCertificate inputs because the X509Certificate2 input has no associated bundle to walk.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Install-InfisicalCertificate -SerialNumber $Serial -StoreLocation LocalMachine -IncludeChain</dev:code>
<dev:remarks><maml:para>Installs the leaf into LocalMachine\My and each chain element into LocalMachine\CertificateAuthority.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalCertificateResult = Get-InfisicalCertificate -Status 'active' | Where-Object { $_.CommonName -eq $env:COMPUTERNAME }
$InstallInfisicalCertificateParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$InstallInfisicalCertificateParameters.SerialNumber = $GetInfisicalCertificateResult[0].SerialNumber
$InstallInfisicalCertificateParameters.StoreName = 'My'
$InstallInfisicalCertificateParameters.StoreLocation = 'LocalMachine'
$InstallInfisicalCertificateParameters.KeyStorageFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
$InstallInfisicalCertificateParameters.IncludeChain = $True
$InstallInfisicalCertificateParameters.Force = $True
$InstallInfisicalCertificateParameters.PassThru = $True
$InstallInfisicalCertificateParameters.Verbose = $True
$InstallInfisicalCertificateResult = Install-InfisicalCertificate @InstallInfisicalCertificateParameters</dev:code>
<dev:remarks><maml:para>Resolves the active host certificate and installs the leaf (with a machine-bound persistent key) plus its chain into LocalMachine, replacing any existing thumbprint match.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Uninstall-InfisicalCertificate</command:name>
<maml:description><maml:para>Removes a certificate from a Windows certificate store by thumbprint, subject, or pipeline input.</maml:para></maml:description>
<command:verb>Uninstall</command:verb>
<command:noun>InfisicalCertificate</command:noun>
</command:details>
<maml:description>
<maml:para>Removes matching certificates from the supplied -StoreName and -StoreLocation. Accepts -Thumbprint, -Subject, an X509Certificate2 (-Certificate), or an InfisicalCertificate (-InfisicalCertificate, uses FingerprintSha1). -Force allows removing multiple matches in one call; -PassThru emits each removed certificate. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>When more than one certificate matches -Subject and -Force is not supplied the cmdlet throws to prevent accidental bulk removal. Uninstalling from LocalMachine stores typically requires elevation.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Uninstall-InfisicalCertificate -Thumbprint $Thumbprint -StoreLocation LocalMachine</dev:code>
<dev:remarks><maml:para>Removes the certificate with the supplied thumbprint from LocalMachine\My.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalCertificateResult = Get-InfisicalCertificate -Status 'revoked' | Where-Object { $_.CommonName -eq $env:COMPUTERNAME }
$UninstallInfisicalCertificateParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$UninstallInfisicalCertificateParameters.InfisicalCertificate = $GetInfisicalCertificateResult[0]
$UninstallInfisicalCertificateParameters.StoreName = 'My'
$UninstallInfisicalCertificateParameters.StoreLocation = 'LocalMachine'
$UninstallInfisicalCertificateParameters.Force = $True
$UninstallInfisicalCertificateParameters.PassThru = $True
$UninstallInfisicalCertificateParameters.Verbose = $True
$UninstallInfisicalCertificateResult = Uninstall-InfisicalCertificate @UninstallInfisicalCertificateParameters</dev:code>
<dev:remarks><maml:para>Picks the revoked host certificate and removes it from LocalMachine\My using its SHA1 fingerprint, emitting the removed object for the audit trail.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalCertificateApplication</command:name>
<maml:description><maml:para>Lists or retrieves an Infisical Certificate Manager Application from the supplied project.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalCertificateApplication</command:noun>
</command:details>
<maml:description>
<maml:para>Reads Infisical certificate-manager Applications (the join target used by EST/ACME/SCEP profile attachments) for the supplied project. The List parameter set returns all applications visible to the caller; the ById and ByName sets return a single application. -ProjectId is required.</maml:para>
</maml:description>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalCertificateApplication -ProjectId $ProjectId</dev:code>
<dev:remarks><maml:para>Lists certificate-manager applications for the supplied project.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalCertificateApplication -ApplicationName 'workstation-mdm' -ProjectId $ProjectId</dev:code>
<dev:remarks><maml:para>Retrieves a single application by name.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalCertificateApplicationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalCertificateApplicationParameters.Id = $ApplicationId
$GetInfisicalCertificateApplicationParameters.ProjectId = $ProjectId
$GetInfisicalCertificateApplicationParameters.Verbose = $True
$GetInfisicalCertificateApplicationResult = Get-InfisicalCertificateApplication @GetInfisicalCertificateApplicationParameters</dev:code>
<dev:remarks><maml:para>Retrieves a single application by id from an explicit project.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalCertificateApplicationEnrollment</command:name>
<maml:description><maml:para>Retrieves the API/EST/ACME/SCEP enrollment configuration attached to an application/profile pair.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalCertificateApplicationEnrollment</command:noun>
</command:details>
<maml:description>
<maml:para>Returns the InfisicalCertificateApplicationEnrollment for the given application and certificate profile, including any configured SCEP sub-block (server URL, RA certificate PEM, computed SHA-1 RaCertificateThumbprint, challenge type, and challenge endpoint URL when dynamic).</maml:para>
</maml:description>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalCertificateApplicationEnrollment -ApplicationId $AppId -ProfileId $ProfileId</dev:code>
<dev:remarks><maml:para>Fetches the enrollment configuration for an application/profile pair.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$GetInfisicalCertificateApplicationEnrollmentParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalCertificateApplicationEnrollmentParameters.ApplicationId = $ApplicationId
$GetInfisicalCertificateApplicationEnrollmentParameters.ProfileId = $ProfileId
$GetInfisicalCertificateApplicationEnrollmentParameters.Verbose = $True
$GetInfisicalCertificateApplicationEnrollmentResult = Get-InfisicalCertificateApplicationEnrollment @GetInfisicalCertificateApplicationEnrollmentParameters</dev:code>
<dev:remarks><maml:para>Retrieves the enrollment configuration and feeds it downstream to Get-InfisicalScepMdmProfile.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>New-InfisicalScepDynamicChallenge</command:name>
<maml:description><maml:para>Generates a one-time SCEP challenge from an application/profile that is configured with dynamic challenge mode.</maml:para></maml:description>
<command:verb>New</command:verb>
<command:noun>InfisicalScepDynamicChallenge</command:noun>
</command:details>
<maml:description>
<maml:para>POSTs to /scep/applications/{applicationId}/profiles/{profileId}/challenge and returns the minted challenge as a SecureString. Use -AsPlainText to return a string instead. Requires the active machine identity to have read access on certificate-application-enrollment, and the target SCEP profile must be set to challengeType=dynamic. Dynamic challenges are an Enterprise-tier feature on managed Infisical deployments.</maml:para>
</maml:description>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>$Challenge = New-InfisicalScepDynamicChallenge -ApplicationId $AppId -ProfileId $ProfileId</dev:code>
<dev:remarks><maml:para>Mints a single-use SCEP challenge and stores it as a SecureString.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$NewInfisicalScepDynamicChallengeParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$NewInfisicalScepDynamicChallengeParameters.ApplicationId = $ApplicationId
$NewInfisicalScepDynamicChallengeParameters.ProfileId = $ProfileId
$NewInfisicalScepDynamicChallengeParameters.AsPlainText = $True
$NewInfisicalScepDynamicChallengeParameters.Verbose = $True
$NewInfisicalScepDynamicChallengeResult = New-InfisicalScepDynamicChallenge @NewInfisicalScepDynamicChallengeParameters</dev:code>
<dev:remarks><maml:para>Mints a plain-text challenge for use in environments where SecureString is inconvenient.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalScepMdmProfile</command:name>
<maml:description><maml:para>Builds an Infisical SCEP MDM profile model from an application enrollment, certificate profile, or fully manual inputs.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalScepMdmProfile</command:noun>
</command:details>
<maml:description>
<maml:para>Produces an InfisicalScepMdmProfile that mirrors the Windows ClientCertificateInstall/SCEP CSP node set. FromEnrollment (default) consumes an InfisicalCertificateApplicationEnrollment and auto-fills ServerUrl from scep.scepEndpointUrl and CAThumbprint from the RA certificate; if the enrollment is configured for dynamic challenge mode, a fresh challenge is minted automatically when -Challenge is not supplied. FromProfile keeps the legacy projection from an InfisicalCertificateProfile and now requires -ApplicationId so the server URL can be built against /scep/applications/{appId}/profiles/{profileId}/pkiclient.exe. Manual requires explicit -ServerUrl, -Challenge, and -UniqueId.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>The SCEP endpoint URL ends in 'pkiclient.exe' for RFC 8894 / Cisco SCEP client compatibility. SecureString -Challenge is decrypted into the model only at write-time.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalCertificateApplicationEnrollment -ApplicationId $AppId -ProfileId $ProfileId | Get-InfisicalScepMdmProfile</dev:code>
<dev:remarks><maml:para>Builds a SCEP MDM profile from an enrollment, auto-resolving ServerUrl, CAThumbprint, and (for dynamic mode) the challenge.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalCertificateProfile -CertificateProfileId $ProfileId | Get-InfisicalScepMdmProfile -ApplicationId $AppId -Challenge (Read-Host -AsSecureString 'SCEP challenge')</dev:code>
<dev:remarks><maml:para>Builds a profile from a certificate profile (legacy path) with an explicit application id and static challenge.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalScepMdmProfileParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalScepMdmProfileParameters.EnrollmentObject = $Enrollment
$GetInfisicalScepMdmProfileParameters.UniqueId = 'WindowsClientAuth'
$GetInfisicalScepMdmProfileParameters.Scope = 'Device'
$GetInfisicalScepMdmProfileParameters.SubjectName = "CN=$($env:COMPUTERNAME)"
$GetInfisicalScepMdmProfileParameters.KeyLength = 2048
$GetInfisicalScepMdmProfileParameters.HashAlgorithm = 'SHA256'
$GetInfisicalScepMdmProfileParameters.ValidPeriod = 'Years'
$GetInfisicalScepMdmProfileParameters.ValidPeriodUnits = 1
$GetInfisicalScepMdmProfileParameters.Verbose = $True
$GetInfisicalScepMdmProfileResult = Get-InfisicalScepMdmProfile @GetInfisicalScepMdmProfileParameters</dev:code>
<dev:remarks><maml:para>Builds a device-scope SCEP MDM profile from an enrollment with overridden subject and key parameters.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Export-InfisicalScepMdmProfile</command:name>
<maml:description><maml:para>Writes an InfisicalScepMdmProfile to disk as a SyncML payload suitable for MDM delivery.</maml:para></maml:description>
<command:verb>Export</command:verb>
<command:noun>InfisicalScepMdmProfile</command:noun>
</command:details>
<maml:description>
<maml:para>Serializes the supplied InfisicalScepMdmProfile via ToSyncMl() and writes the result to -Path as UTF-8 (no BOM). Auto-creates the target directory. If the file exists and -Force is not specified the cmdlet logs a warning and returns instead of throwing. Honors -WhatIf and -Confirm. -PassThru emits the resulting FileInfo.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>The generated SyncML is round-trip-validated through XmlReader before being written. Pair with Write-InfisicalScepMdmProfileToWmi to apply the same model to the local MDM Bridge instead of exporting to a file.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>$Profile | Export-InfisicalScepMdmProfile -Path 'C:\Temp\scep.syncml' -Force</dev:code>
<dev:remarks><maml:para>Writes the SyncML payload for the supplied SCEP MDM profile, overwriting any existing file.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$ExportInfisicalScepMdmProfileParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$ExportInfisicalScepMdmProfileParameters.InputObject = $Profile
$ExportInfisicalScepMdmProfileParameters.Path = "C:\ProgramData\Infisical\scep-$($Profile.UniqueId).syncml"
$ExportInfisicalScepMdmProfileParameters.Force = $True
$ExportInfisicalScepMdmProfileParameters.PassThru = $True
$ExportInfisicalScepMdmProfileParameters.Verbose = $True
$ExportInfisicalScepMdmProfileResult = Export-InfisicalScepMdmProfile @ExportInfisicalScepMdmProfileParameters</dev:code>
<dev:remarks><maml:para>Writes the SyncML payload to a per-profile path under ProgramData and returns the resulting FileInfo.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Write-InfisicalScepMdmProfileToWmi</command:name>
<maml:description><maml:para>Submits an InfisicalScepMdmProfile to the local Windows MDM Bridge WMI provider to trigger SCEP enrollment.</maml:para></maml:description>
<command:verb>Write</command:verb>
<command:noun>InfisicalScepMdmProfileToWmi</command:noun>
</command:details>
<maml:description>
<maml:para>Creates a new CIM instance under the MDM Bridge namespace (default: root/cimv2/mdm/dmmap, class MDM_ClientCertificateInstall_SCEP02) by invoking New-CimInstance through the host runspace. Honors -WhatIf and -Confirm. -PassThru emits the resulting CIM instance. Throws PlatformNotSupportedException off Windows. Device-scope enrollment requires an elevated session; pass -SkipElevationCheck to bypass the guard.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>The MDM Bridge WMI provider runs the enrollment asynchronously; success here means the enrollment was submitted, not that a certificate has been issued. Inspect the corresponding ClientCertificateInstall/SCEP/&lt;UniqueId&gt;/Install nodes for status. Override -ClassName when targeting a different SCEP CSP version on the host.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>$Profile | Write-InfisicalScepMdmProfileToWmi -PassThru</dev:code>
<dev:remarks><maml:para>Submits the SCEP MDM profile to the local MDM Bridge and emits the created CIM instance.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$WriteInfisicalScepMdmProfileToWmiParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$WriteInfisicalScepMdmProfileToWmiParameters.InputObject = $Profile
$WriteInfisicalScepMdmProfileToWmiParameters.Namespace = 'root/cimv2/mdm/dmmap'
$WriteInfisicalScepMdmProfileToWmiParameters.ClassName = 'MDM_ClientCertificateInstall_SCEP02'
$WriteInfisicalScepMdmProfileToWmiParameters.SkipElevationCheck = $False
$WriteInfisicalScepMdmProfileToWmiParameters.PassThru = $True
$WriteInfisicalScepMdmProfileToWmiParameters.Verbose = $True
$WriteInfisicalScepMdmProfileToWmiResult = Write-InfisicalScepMdmProfileToWmi @WriteInfisicalScepMdmProfileToWmiParameters</dev:code>
<dev:remarks><maml:para>Submits a device-scope SCEP enrollment through the MDM Bridge and returns the CIM instance for downstream inspection.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Start-InfisicalProcess</command:name>
<maml:description><maml:para>Starts a child process with Infisical secrets injected directly into its environment block.</maml:para></maml:description>
<command:verb>Start</command:verb>
<command:noun>InfisicalProcess</command:noun>
</command:details>
<maml:description>
<maml:para>Launches the executable specified by -FilePath, captures stdout/stderr, validates the exit code against -AcceptableExitCodeList, and optionally parses output with -ParsingExpression. InfisicalSecret objects supplied via -Secret (pipeline or by name) are decrypted into the ProcessStartInfo.Environment dictionary only, never written to the user or machine scope; -Prefix prepends a string to each injected variable name, skipping names that already start with -Prefix (case-insensitive) unless -ForcePrefix is supplied. -EnvironmentVariables adds additional non-secret values. -ExecutionTimeout, -NoWait, -CreateNoWindow, -WindowStyle, -Priority, -StandardInputObjectList, -SecureArgumentList, -LogOutput, and -ContinueOnError mirror the semantics of the upstream Start-ProcessWithOutput helper. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Secret values exist as plain strings only within the child process environment block; they are never persisted to the calling shell, the user scope, or the machine scope. Use -SecureArgumentList to mask sensitive command-line arguments in verbose output.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalSecret -SecretPath '/build' | Start-InfisicalProcess -FilePath 'dotnet.exe' -ArgumentList @('publish','-c','Release') -AcceptableExitCodeList @('0') -CreateNoWindow</dev:code>
<dev:remarks><maml:para>Decrypts every secret at /build, exposes each one as a process environment variable, and runs dotnet publish with no visible window.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$Secrets = Get-InfisicalSecret -SecretPath '/runtime'
Start-InfisicalProcess -FilePath 'node.exe' -ArgumentList @('app.js') -Secret $Secrets -Prefix 'APP_' -ExecutionTimeout ([TimeSpan]::FromMinutes(5)) -LogOutput</dev:code>
<dev:remarks><maml:para>Injects the /runtime secrets as APP_-prefixed environment variables, runs node app.js, and forcibly terminates the process after five minutes if it has not exited.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$StartInfisicalProcessParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$StartInfisicalProcessParameters.FilePath = 'pwsh.exe'
$StartInfisicalProcessParameters.ArgumentList = @('-NoProfile','-Command','Write-Host $env:DEPLOY_TOKEN.Length')
$StartInfisicalProcessParameters.Secret = Get-InfisicalSecret -SecretPath '/deploy'
$StartInfisicalProcessParameters.Prefix = 'DEPLOY_'
$StartInfisicalProcessParameters.AcceptableExitCodeList = @('0')
$StartInfisicalProcessParameters.CreateNoWindow = $True
$StartInfisicalProcessParameters.SecureArgumentList = $True
$StartInfisicalProcessParameters.LogOutput = $True
$StartInfisicalProcessParameters.Verbose = $True
$StartInfisicalProcessResult = Start-InfisicalProcess @StartInfisicalProcessParameters</dev:code>
<dev:remarks><maml:para>Splatted invocation that runs pwsh with DEPLOY_-prefixed secrets in scope, masks the command line in verbose output, and echoes both stdout and stderr to the verbose stream after exit.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalEnvironmentVariable</command:name>
<maml:description><maml:para>Reads an environment variable from the first scope that has a non-empty value (Process > User > Machine).</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalEnvironmentVariable</command:noun>
</command:details>
<maml:description>
<maml:para>Returns the value of -Name from the first scope that contains a non-empty value, checking Process, then User, then Machine in that order. Emits nothing when the variable is missing or blank in every scope, so an assignment yields $null without writing errors or warnings. Platform-unsupported scopes (User and Machine on non-Windows) are silently skipped.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Designed for the same discovery semantics the rest of PSInfisicalAPI uses when resolving connection inputs from the environment. Pipe-friendly: accepts -Name from the pipeline by value and by property name.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>$Value = Get-InfisicalEnvironmentVariable -Name 'INFISICAL_CLIENT_ID'</dev:code>
<dev:remarks><maml:para>Returns the first non-empty value of INFISICAL_CLIENT_ID across Process, User, and Machine scopes; assigns $null when the variable is unset everywhere.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>@('INFISICAL_BASE_URI','INFISICAL_PROJECT_ID') | Get-InfisicalEnvironmentVariable</dev:code>
<dev:remarks><maml:para>Pipes a list of variable names through the cmdlet and emits one value per name that is set in any scope.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalOrganization</command:name>
<maml:description><maml:para>Lists or retrieves Infisical organizations accessible to the current identity.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalOrganization</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) returns every organization the active session can see; visibility is governed by Infisical's role assignments. When -OrganizationId is supplied (Single parameter set) the cmdlet returns one organization. Does not require a project context.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>The List-mode result is an array of InfisicalOrganization objects; pipe into Where-Object or Select-Object to filter by Slug, Name, or Id. The cmdlet accepts pipeline input by property name on -OrganizationId.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalOrganization</dev:code>
<dev:remarks><maml:para>Lists every organization the current session can see.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalOrganization -OrganizationId $OrganizationId</dev:code>
<dev:remarks><maml:para>Retrieves the canonical record for a single organization by id.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>New-InfisicalOrganization</command:name>
<maml:description><maml:para>Creates a new Infisical organization.</maml:para></maml:description>
<command:verb>New</command:verb>
<command:noun>InfisicalOrganization</command:noun>
</command:details>
<maml:description>
<maml:para>Creates a new organization with the supplied name and optional slug. Honors -WhatIf and -Confirm. Requires server-side permission to create organizations.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Slug must be unique server-side; if omitted, the server derives one from the name.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>New-InfisicalOrganization -Name 'Acme Corporation'</dev:code>
<dev:remarks><maml:para>Creates a new organization named 'Acme Corporation' with a server-derived slug.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$NewInfisicalOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$NewInfisicalOrganizationParameters.Name = 'Acme Corporation'
$NewInfisicalOrganizationParameters.Slug = 'acme-corp'
$NewInfisicalOrganizationParameters.Verbose = $True
$NewInfisicalOrganizationResult = New-InfisicalOrganization @NewInfisicalOrganizationParameters</dev:code>
<dev:remarks><maml:para>Creates an organization with an explicit slug.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Update-InfisicalOrganization</command:name>
<maml:description><maml:para>Updates mutable attributes on an existing Infisical organization.</maml:para></maml:description>
<command:verb>Update</command:verb>
<command:noun>InfisicalOrganization</command:noun>
</command:details>
<maml:description>
<maml:para>Updates the name or slug of an organization. -OrganizationId is required. Only bound parameters are transmitted. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Renaming or re-slugging an organization may affect billing exports and identity URLs; coordinate with downstream consumers.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Update-InfisicalOrganization -OrganizationId $OrganizationId -Name 'Acme Corp.'</dev:code>
<dev:remarks><maml:para>Renames the supplied organization.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$UpdateInfisicalOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$UpdateInfisicalOrganizationParameters.OrganizationId = $OrganizationId
$UpdateInfisicalOrganizationParameters.Name = 'Acme Corp.'
$UpdateInfisicalOrganizationParameters.Slug = 'acme-corp'
$UpdateInfisicalOrganizationParameters.Verbose = $True
$UpdateInfisicalOrganizationResult = Update-InfisicalOrganization @UpdateInfisicalOrganizationParameters</dev:code>
<dev:remarks><maml:para>Renames the organization and updates its slug.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Remove-InfisicalOrganization</command:name>
<maml:description><maml:para>Deletes an Infisical organization.</maml:para></maml:description>
<command:verb>Remove</command:verb>
<command:noun>InfisicalOrganization</command:noun>
</command:details>
<maml:description>
<maml:para>Deletes an organization by id. -OrganizationId is required. High ConfirmImpact prompts unless -Confirm:$False is supplied. -PassThru emits the removed organization id.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>This is irreversible and removes all projects, sub-organizations, secrets, and identities owned by the organization. Honors -WhatIf and -Confirm.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Remove-InfisicalOrganization -OrganizationId $OrganizationId -Confirm:$False</dev:code>
<dev:remarks><maml:para>Deletes the supplied organization without prompting.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$RemoveInfisicalOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$RemoveInfisicalOrganizationParameters.OrganizationId = $OrganizationId
$RemoveInfisicalOrganizationParameters.PassThru = $True
$RemoveInfisicalOrganizationParameters.Confirm = $False
$RemoveInfisicalOrganizationParameters.Verbose = $True
$RemoveInfisicalOrganizationResult = Remove-InfisicalOrganization @RemoveInfisicalOrganizationParameters</dev:code>
<dev:remarks><maml:para>Removes the organization without confirmation and emits the removed organization id for logging.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalSubOrganization</command:name>
<maml:description><maml:para>Lists or retrieves Infisical sub-organizations accessible to the current identity.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalSubOrganization</command:noun>
</command:details>
<maml:description>
<maml:para>Default (List parameter set) returns every sub-organization the active session can see. Optional -Limit, -Offset, -Search, -OrderBy, -OrderDirection, and -IsAccessible are forwarded to the server as query parameters. When -SubOrganizationId is supplied (Single parameter set) the cmdlet returns one sub-organization. Does not require a project context.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Sub-organizations are a beta Infisical feature. The List result is an array of InfisicalSubOrganization objects; pipe into Where-Object or Select-Object to filter further. The cmdlet accepts pipeline input by property name on -SubOrganizationId.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalSubOrganization</dev:code>
<dev:remarks><maml:para>Lists every sub-organization the current session can see.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>Get-InfisicalSubOrganization -SubOrganizationId $SubOrganizationId</dev:code>
<dev:remarks><maml:para>Retrieves the canonical record for a single sub-organization by id.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>Get-InfisicalSubOrganization -Search 'platform' -OrderBy 'name' -OrderDirection 'asc' -Limit 25 -IsAccessible</dev:code>
<dev:remarks><maml:para>Lists up to 25 sub-organizations matching 'platform', sorted ascending by name, restricted to those the current identity has access to.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>New-InfisicalSubOrganization</command:name>
<maml:description><maml:para>Creates a new Infisical sub-organization.</maml:para></maml:description>
<command:verb>New</command:verb>
<command:noun>InfisicalSubOrganization</command:noun>
</command:details>
<maml:description>
<maml:para>Creates a sub-organization with the supplied name and slug. Both are required by the server. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Slug must be unique within the parent organization. Sub-organizations are a beta Infisical feature.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>New-InfisicalSubOrganization -Name 'Platform Engineering' -Slug 'platform-eng'</dev:code>
<dev:remarks><maml:para>Creates a new sub-organization named 'Platform Engineering' with slug 'platform-eng'.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$NewInfisicalSubOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$NewInfisicalSubOrganizationParameters.Name = 'Platform Engineering'
$NewInfisicalSubOrganizationParameters.Slug = 'platform-eng'
$NewInfisicalSubOrganizationParameters.Verbose = $True
$NewInfisicalSubOrganizationResult = New-InfisicalSubOrganization @NewInfisicalSubOrganizationParameters</dev:code>
<dev:remarks><maml:para>Splatted invocation that creates a sub-organization and logs the request via the verbose stream.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Update-InfisicalSubOrganization</command:name>
<maml:description><maml:para>Updates mutable attributes on an existing Infisical sub-organization.</maml:para></maml:description>
<command:verb>Update</command:verb>
<command:noun>InfisicalSubOrganization</command:noun>
</command:details>
<maml:description>
<maml:para>Updates the name or slug of a sub-organization. -SubOrganizationId is required. Only bound parameters are transmitted. Honors -WhatIf and -Confirm.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Sub-organizations are a beta Infisical feature; coordinate slug changes with downstream consumers that pin the slug in scripts or configuration files.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Update-InfisicalSubOrganization -SubOrganizationId $SubOrganizationId -Name 'Platform (v2)'</dev:code>
<dev:remarks><maml:para>Renames the supplied sub-organization.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$UpdateInfisicalSubOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$UpdateInfisicalSubOrganizationParameters.SubOrganizationId = $SubOrganizationId
$UpdateInfisicalSubOrganizationParameters.Name = 'Platform (v2)'
$UpdateInfisicalSubOrganizationParameters.Slug = 'platform-v2'
$UpdateInfisicalSubOrganizationParameters.Verbose = $True
$UpdateInfisicalSubOrganizationResult = Update-InfisicalSubOrganization @UpdateInfisicalSubOrganizationParameters</dev:code>
<dev:remarks><maml:para>Renames the sub-organization and updates its slug in a single call.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Remove-InfisicalSubOrganization</command:name>
<maml:description><maml:para>Deletes an Infisical sub-organization.</maml:para></maml:description>
<command:verb>Remove</command:verb>
<command:noun>InfisicalSubOrganization</command:noun>
</command:details>
<maml:description>
<maml:para>Deletes a sub-organization by id. -SubOrganizationId is required. High ConfirmImpact prompts unless -Confirm:$False is supplied. -PassThru emits the removed sub-organization id.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>This is destructive and removes all projects, secrets, and identities scoped to the sub-organization. Honors -WhatIf and -Confirm.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Remove-InfisicalSubOrganization -SubOrganizationId $SubOrganizationId -Confirm:$False</dev:code>
<dev:remarks><maml:para>Deletes the supplied sub-organization without prompting.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$RemoveInfisicalSubOrganizationParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$RemoveInfisicalSubOrganizationParameters.SubOrganizationId = $SubOrganizationId
$RemoveInfisicalSubOrganizationParameters.PassThru = $True
$RemoveInfisicalSubOrganizationParameters.Confirm = $False
$RemoveInfisicalSubOrganizationParameters.Verbose = $True
$RemoveInfisicalSubOrganizationResult = Remove-InfisicalSubOrganization @RemoveInfisicalSubOrganizationParameters</dev:code>
<dev:remarks><maml:para>Removes the sub-organization without confirmation and emits the removed id for logging.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
<command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
<command:details>
<command:name>Get-InfisicalSANList</command:name>
<maml:description><maml:para>Builds a deduplicated list of Subject Alternative Name candidates for the local device.</maml:para></maml:description>
<command:verb>Get</command:verb>
<command:noun>InfisicalSANList</command:noun>
</command:details>
<maml:description>
<maml:para>Returns, in order: the local device name; the device name suffixed with each non-empty DNS suffix found on any operational (non-loopback) network adapter and the system primary domain; every IPv4 unicast address whose first octets fall within RFC 1918 (10/8, 172.16/12, 192.168/16) or CGNAT (100.64/10); and the IPv4 and IPv6 loopback addresses (127.0.0.1, ::1). Optional -InclusionExpression and -ExclusionExpression regex filters are applied in that order after collection, before output. Suitable as a one-shot SAN provider for Request-InfisicalCertificate -DnsName.</maml:para>
</maml:description>
<maml:alertSet>
<maml:title>Notes</maml:title>
<maml:alert>
<maml:para>Output is a single strongly-typed System.String[] array (emitted non-enumerated) so it round-trips into [System.Collections.Generic.List[string]]::AddRange() and binds directly to string[] parameters such as Request-InfisicalCertificate -DnsName. The device name comes first so it can be reused as a CommonName. Routable public IPv4 addresses, link-local addresses, and IPv6 unicast addresses other than loopback are intentionally excluded. -InclusionExpression and -ExclusionExpression are case-insensitive .NET regular expressions; inclusion is applied first, then exclusion.</maml:para>
</maml:alert>
</maml:alertSet>
<command:examples>
<command:example>
<maml:title>EXAMPLE 1</maml:title>
<dev:code>Get-InfisicalSANList</dev:code>
<dev:remarks><maml:para>Returns the SAN candidate list for the current device.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 2</maml:title>
<dev:code>$Sans = Get-InfisicalSANList
Request-InfisicalCertificate -ProjectId $ProjectId -CertificateAuthorityId $CaId -CommonName $Sans[0] -DnsName $Sans -Ttl '90d'</dev:code>
<dev:remarks><maml:para>Captures the SAN list, then uses the device name as the CommonName and the full list as DnsName when requesting a certificate.</maml:para></dev:remarks>
</command:example>
<command:example>
<maml:title>EXAMPLE 3</maml:title>
<dev:code>$GetInfisicalSANListParameters = New-Object -TypeName 'System.Collections.Specialized.OrderedDictionary' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$GetInfisicalSANListParameters.InclusionExpression = '\.gracesolution\.prv$|^10\.|^172\.'
$GetInfisicalSANListParameters.ExclusionExpression = '^127\.|^::1$'
$Sans = Get-InfisicalSANList @GetInfisicalSANListParameters</dev:code>
<dev:remarks><maml:para>Keeps only entries ending in the corporate DNS suffix or sitting in the 10/8 or 172/12 ranges, then drops loopback. Filters are case-insensitive and applied in fetch -> include -> exclude -> output order.</maml:para></dev:remarks>
</command:example>
</command:examples>
</command:command>
</helpItems>
Reference in New Issue View Git Blame Copy Permalink