en-us/about_SecretManagement.Hashicorp.Vault.KV.Extension.Help.txt
TOPIC
    about_SecretManagement.Hashicorp.Vault.KV.Extension

SHORT DESCRIPTION
    Guide for using the Hashicorp Vault KV SecretManagement extension

LONG DESCRIPTION

QUICKSTART
    When registering a vault you need to provide at least these options:

        Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name PowerShellTest -VaultParameters @{ VaultServer = 'http://vault.domain.local:8200'; VaultAuthType = 'Token'}

    The vault name should match exactly, as Hashicorp Vault is case sensitive.
    If no VaultParameters are provided, the functions will prompt you on the
    first execution in your session.

    Additionally, you may specify which version of KV you are using when
    registering. It defaults to version 2 of KV. To run against a version 1 KV:

        $VaultParameters = @{
            VaultServer = 'https://vault-cluster.domain.local'
            VaultAuthType = "userpass"
            KVVersion = 'v1'
        }
        Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name PowerShellTest -VaultParameters $VaultParameters

    If you stored your secrets in a flat structure (i.e. no slashes in your
    path), you may want to return all secrets as a PSCredential. You can do
    this by providing the following:

        $VaultParameters = @{
            ...
            OutputType = 'PSCredential'
        }

    KV Version 2 distinctions

    - Get-Secret only retrieves the newest secret.
    - Get-SecretInfo retrieves the Hashicorp metadata.
    - Set-Secret adds/updates without CheckAndSet, although it can be passed
      with `-Metadata @{cas=<versionNumber>}`.
    - Remove-Secret removes the latest version of a secret (if you have the
      permission to do this).

REGISTRATION PARAMETERS
    When registering a vault in SecretManagement there are several options
    you may provide:

    VaultServer     - The base URL to the Vault instance
                      (example: https://something.org:8200)
    VaultAuthType   - The type of auth you will use to retrieve a token
    VaultToken      - The Vault token you are using. This must be input as
                      ConvertFrom-SecureString output.
    VaultAPIVersion - Defaults to v1
    KVVersion       - Defaults to v2
    OutputType      - Defaults to Hashtable
    Verbose         - Supported by SecretManagement

SUPPORTED AUTHENTICATION TYPES
    Hashicorp supports multiple ways of authenticating to retrieve a token.
    This extension currently only supports the following:

    AppRole
    LDAP
    UserPass
    Token

SUPPORTED OUTPUT TYPES
    This extension currently supports two major output types:

    Hashtable (default)
    PSCredential

    By default SecretManagement turns any plaintext password field into a
    SecureString. Use the -AsPlainText switch to return the hashtable in
    plaintext.

KEYWORDS
    SecretManagement HashiCorp Secret Vault

SEEALSO
    https://www.vaultproject.io/docs/secrets/kv
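
ADDED EXAMPLE
    The following is an added example, not part of the extension's own help. It ties the registration parameters to the KV version 2 CheckAndSet note: the vault is registered over HTTPS with a token supplied as ConvertFrom-SecureString output, then secrets are written with cas. The server URL and vault name are the placeholders used in this help; the secret name and values are constructed, and cas = 0 / cas = 1 rely on Vault's KV v2 check-and-set semantics.

```powershell
# Added example, not from the extension's documentation.
# Assumes Microsoft.PowerShell.SecretManagement and this extension are installed.

# Read the token without echoing it, so it does not land in console history.
$secureToken = Read-Host -Prompt 'Vault token' -AsSecureString

$VaultParameters = @{
    # HTTPS, so the token and secret values are not sent in cleartext.
    VaultServer   = 'https://vault-cluster.domain.local'
    VaultAuthType = 'Token'
    # The help text requires ConvertFrom-SecureString output here. On Windows
    # that string is DPAPI-protected for the current user on this machine.
    VaultToken    = $secureToken | ConvertFrom-SecureString
    KVVersion     = 'v2'
}

Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV `
    -Name PowerShellTest -VaultParameters $VaultParameters

# Fail early if the server, token or vault name is wrong.
if (-not (Test-SecretVault -Name PowerShellTest)) {
    throw 'PowerShellTest failed validation; check VaultServer, token and vault name case.'
}

# Constructed secret name and values.
$secret = @{ username = 'svc-deploy'; password = 'constructed-example-value' }

# cas = 0: Vault KV v2 accepts the write only if the key does not exist yet,
# so an existing secret is never silently overwritten.
Set-Secret -Vault PowerShellTest -Name 'svc-deploy' -Secret $secret -Metadata @{ cas = 0 }

# cas = 1: this update is accepted only while version 1 is still current,
# which rejects the write if someone else changed the secret in between.
$secret.password = 'constructed-rotated-value'
Set-Secret -Vault PowerShellTest -Name 'svc-deploy' -Secret $secret -Metadata @{ cas = 1 }

# Get-Secret returns the newest version; password fields come back as
# SecureString unless -AsPlainText is given.
$current = Get-Secret -Vault PowerShellTest -Name 'svc-deploy'

# Vault's stored metadata for the secret, as returned by the extension.
(Get-SecretInfo -Vault PowerShellTest -Name 'svc-deploy').Metadata
```

    Without -Metadata, Set-Secret performs an unconditional add/update, so two writers racing on the same secret will silently overwrite each other.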