en-us/about_SecretManagement.Hashicorp.Vault.KV.Extension.Help.txt

TOPIC
    about_SecretManagement.Hashicorp.Vault.KV.Extension

SHORT DESCRIPTION
    Guide for using the Hashicorp Vault KV SecretManagement extension

LONG DESCRIPTION

QUICKSTART
When registering a vault you need to provide at least these options:

Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name PowerShellTest
-VaultParameters @{ VaultServer = 'http://vault.domain.local:8200'; VaultAuthType = 'Token'}

The vault name should match exactly, as Hashicorp vault is case sensitive.
If no VaultParameters are provided the functions will prompt you on the first execution in your session.
Additionally you may provide which version of KV you are using when registering.
It defaults to version 2 of KV.

If you are wanting to run against a version 1 KV
$VaultParameters = @{ VaultServer = 'https://vault-cluster.domain.local'
   VaultAuthType="userpass"
   KVVersion = 'v1'}
Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name PowerShellTest
-VaultParameters $VaultParameters

If you stored you secrets in a flat structure (i.e. no slashes in your path),
You may want to return all secrets as a PSCredential. You can do this by providing the following:
$VaultParameters @{ ...
    OutputType = 'PSCredential'
}

KV Version 2 distinctions
- Get-Secret only retrieves the newest secret
- Get-SecretInfo retrieves the Hashicorp Metadata.
- Set-Secret Adds/Updates without CheckAndSet. Althought it can be passed with `-Metadata @{cas=<versionNumber>}`
- Remove-Secret Removes the latest version of a secret (if you have the permission to do this)

REGISTRATION PARAMETERS
    When registering a vault in SecretManagement there are several options you may provide:
        VaultServer - The base URL to the Vault instance (example: https://something.org:8200)
        VaultAuthType - The type of auth you will use to retrieve a token
        VaultToken - The Vault Token you are using. This must be input as ConvertFrom-SecureString output.
        VaultAPIVersion - Defaults to v1
        VaultSkipVerify - To disable HTTPS certificate checks (e.g. self-signed certs). Defaults as $false
        KVVersion - Defaults to v2
        OutputType - Defaults to Hashtable
        Verbose - Supported by SecretManagement

SUPPORTED AUTHENTICATION TYPES
    Hashicorp supports multiple ways of authenticating to retrieve a token.
    This extension currently only supports the following:
        AppRole
        LDAP
        UserPass
        Token

SUPPORTED OUTPUT TYPES
    This extension currently supports to major output types:
        Hashtable (default)
        PSCredential

    By default SecretManagement turns any plaintext password field into a SecureString.
    Use -AsPlainText switch to return the hashtable in plaintext.


KEYWORDS
    SecretManagement HashiCorp Secret Vault

SEEALSO
    https://www.vaultproject.io/docs/secrets/kv