Private/Hide-SecretValue.ps1
|
Function Hide-SecretValue { <# .SYNOPSIS Hide a secret value by converting it to "******" .DESCRIPTION Matches a pattern in a string which is expected to contain a secret value. Replaces all secret values with "******", and returns a sanitised string. Enables a command string to be included in debug/verbose streams without exposing secret values. .PARAMETER InputValue Command String .PARAMETER SecretsToRemove Any additional command parameters which should be sanitised. .PARAMETER Secrets PoShPACLI default parameters known to contain secrets .EXAMPLE Hide-SecretValue -inputValue 'user="administrator" password="SecretValue" sessionID=666 vault="somevault"' user="administrator" password="******" sessionID=666 vault="somevault" Masks secret value in command string #> [CmdletBinding()] [OutputType('System.String')] param( [parameter( Position = 0, Mandatory = $false, ValueFromPipeline = $true)] [String]$InputValue, [parameter( Mandatory = $false)] [array]$SecretsToRemove = @(), [parameter( Mandatory = $false)] [array]$Secrets = @( "password", "newPassword", "proxyPassword" ) ) BEGIN { }#begin PROCESS { $OutputValue = $InputValue #Combine base parameters and any additional parameters to remove ($SecretsToRemove + $Secrets) | ForEach-Object { $OutputValue = $OutputValue -replace '(password=")\S+', "`$1******`"" } }#process END { #Return Output $OutputValue }#end } |