コード例 #1
ファイル: SecretStore.cs プロジェクト: sdwheeler/SecretStore
        /// <summary>
        /// Gathers the current and the replacement store password for the active
        /// parameter set, then asks the local store to switch to the new one.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The active parameter set is neither NoParameterSet nor ParameterSet.
        /// </exception>
        protected override void EndProcessing()
        {
            SecureString currentSecret;
            SecureString replacementSecret;
            var activeSet = ParameterSetName;

            if (activeSet == NoParameterSet)
            {
                // Nothing was bound: prompt for both values, old password first.
                // Only the new password is requested with verifyPassword: true.
                currentSecret = Utils.PromptForPassword(
                    cmdlet: this,
                    verifyPassword: false,
                    message: "Old password");
                replacementSecret = Utils.PromptForPassword(
                    cmdlet: this,
                    verifyPassword: true,
                    message: "New password");
            }
            else if (activeSet == ParameterSet)
            {
                // Both values arrived as parameters; each one goes through Utils.CheckPassword.
                currentSecret = Utils.CheckPassword(Password);
                replacementSecret = Utils.CheckPassword(NewPassword);
            }
            else
            {
                throw new InvalidOperationException("Unknown parameter set");
            }

            // The old password is used twice: to obtain the store instance and as the
            // value UpdatePassword replaces.
            // NOTE(review): neither SecureString is disposed here; whether the store keeps
            // a reference to them is not visible from this method - confirm ownership
            // before adding a Dispose call.
            var store = LocalSecretStore.GetInstance(password: currentSecret);
            store.UpdatePassword(
                replacementSecret,
                currentSecret);
        }
コード例 #2
 /// <summary>
 /// Deletes the script-parameter object that a vault registration entry points to.
 /// A failed delete is reported through WriteError, so it does not stop the pipeline.
 /// </summary>
 /// <param name="vaultInfo">Vault registration entry; null is tolerated and ignored.</param>
 /// <param name="ParametersNameKey">Key in <paramref name="vaultInfo"/> under which the stored object's name is kept.</param>
 private void RemoveParamSecrets(
     Hashtable vaultInfo,
     string ParametersNameKey)
 {
     // Nothing to clean up when there is no entry or the entry lacks the key.
     if (vaultInfo == null || !vaultInfo.ContainsKey(ParametersNameKey))
     {
         return;
     }

     // The cast throws if the stored value is not a string.
     var storedName = (string)vaultInfo[ParametersNameKey];
     if (string.IsNullOrEmpty(storedName))
     {
         return;
     }

     int errorCode = 0;
     if (LocalSecretStore.DeleteObject(storedName, ref errorCode))
     {
         return;
     }

     // NOTE(review): after a failure the parameter object may still be in the local
     // store even though the caller carries on; callers that unregister a vault
     // should not assume the stored parameters are gone.
     var failureText = string.Format(
         CultureInfo.InvariantCulture,
         "Removal of vault info script parameters {0} failed with error {1}",
         storedName,
         LocalSecretStore.GetErrorMessage(errorCode));
     var failureRecord = new ErrorRecord(
         new PSInvalidOperationException(failureText),
         "UnregisterSecretsVaultRemoveScriptParametersFailed",
         ErrorCategory.InvalidOperation,
         this);
     WriteError(failureRecord);
 }
コード例 #3
ファイル: SecretStore.cs プロジェクト: sdwheeler/SecretStore
        /// <summary>
        /// Unlocks the local store with the supplied password, passing a timeout only
        /// when the caller bound PasswordTimeout explicitly.
        /// </summary>
        protected override void EndProcessing()
        {
            var unlockSecret = Utils.CheckPassword(Password);
            var store = LocalSecretStore.GetInstance(password: unlockSecret);

            // null tells UnlockLocalStore that no timeout was given on the command line;
            // which timeout applies in that case is decided inside the store, not here.
            int? requestedTimeout = null;
            if (MyInvocation.BoundParameters.ContainsKey(nameof(PasswordTimeout)))
            {
                requestedTimeout = (int?)PasswordTimeout;
            }

            store.UnlockLocalStore(
                password: unlockSecret,
                passwordTimeout: requestedTimeout);
        }
コード例 #4
        /// <summary>
        /// Unlocks the local store, taking the password either from the string
        /// parameter set (converted with Utils.ConvertToSecureString) or from
        /// SecureStringPassword.
        /// </summary>
        protected override void EndProcessing()
        {
            // NOTE(review): in the string parameter set the password reaches this cmdlet
            // in a form that still has to be converted to a SecureString - presumably a
            // plain string. A password typed as a plain argument can end up in command
            // history and transcripts, so the SecureString set is the safer input path.
            var unlockSecret = (ParameterSetName == StringParameterSet)
                ? Utils.ConvertToSecureString(Password)
                : SecureStringPassword;

            var store = LocalSecretStore.GetInstance(password: unlockSecret);

            // Pass a timeout only when the caller bound one; otherwise hand over null.
            int? requestedTimeout = null;
            if (MyInvocation.BoundParameters.ContainsKey(nameof(PasswordTimeout)))
            {
                requestedTimeout = (int?)PasswordTimeout;
            }

            store.UnlockLocalStore(
                password: unlockSecret,
                passwordTimeout: requestedTimeout);
        }
コード例 #5
ファイル: SecretStore.cs プロジェクト: thatKinji/SecretStore
        /// <summary>
        /// Applies a new configuration to the local store: explicitly bound parameters
        /// override the current values, and any other parameter set resets to defaults.
        /// </summary>
        protected override void EndProcessing()
        {
            // AllUsers scope is rejected before anything is read or written.
            if (Scope == SecureStoreScope.AllUsers)
            {
                var unsupported = new ErrorRecord(
                    exception: new PSNotSupportedException("AllUsers scope is not yet supported."),
                    errorId: "SecretStoreConfigurationNotSupported",
                    errorCategory: ErrorCategory.NotEnabled,
                    this);
                ThrowTerminatingError(unsupported);
            }

            // Force skips the ShouldProcess check entirely, so no -WhatIf/-Confirm
            // handling happens on that path.
            if (!Force)
            {
                bool approved = ShouldProcess(
                    target: "SecretStore module local store",
                    action: "Changes local store configuration");
                if (!approved)
                {
                    return;
                }
            }

            var currentConfig = LocalSecretStore.GetInstance(cmdlet: this).Configuration;
            SecureStoreConfig updatedConfig;

            if (ParameterSetName == ParameterSet)
            {
                // Only values the caller actually bound replace what is configured now.
                var bound = MyInvocation.BoundParameters;
                updatedConfig = new SecureStoreConfig(
                    scope: bound.ContainsKey(nameof(Scope)) ? Scope : currentConfig.Scope,
                    authentication: bound.ContainsKey(nameof(Authentication)) ? Authentication : currentConfig.Authentication,
                    passwordTimeout: bound.ContainsKey(nameof(PasswordTimeout)) ? PasswordTimeout : currentConfig.PasswordTimeout,
                    interaction: bound.ContainsKey(nameof(Interaction)) ? Interaction : currentConfig.Interaction);
            }
            else
            {
                updatedConfig = SecureStoreConfig.GetDefault();
            }

            bool applied = LocalSecretStore.GetInstance(cmdlet: this).UpdateConfiguration(
                newConfigData: updatedConfig,
                cmdlet: this,
                out string errorMsg);
            if (!applied)
            {
                var updateFailed = new ErrorRecord(
                    exception: new PSInvalidOperationException(errorMsg),
                    errorId: "SecretStoreConfigurationUpdateFailed",
                    errorCategory: ErrorCategory.InvalidOperation,
                    this);
                ThrowTerminatingError(updateFailed);
            }

            if (PassThru.IsPresent)
            {
                WriteObject(updatedConfig);
            }
        }
コード例 #6
        /// <summary>
        /// Prompts for the current and the new store password and asks the local
        /// store to switch to the new one.
        /// </summary>
        protected override void EndProcessing()
        {
            // Old password first; it is not asked for with verification.
            SecureString currentSecret = Utils.PromptForPassword(
                cmdlet: this,
                verifyPassword: false,
                message: "Old password");

            // The new password is requested with verifyPassword: true.
            SecureString replacementSecret = Utils.PromptForPassword(
                cmdlet: this,
                verifyPassword: true,
                message: "New password");

            // NOTE(review): neither SecureString is disposed here; whether the store
            // keeps a reference to them is not visible from this method - confirm
            // ownership before adding a Dispose call.
            var store = LocalSecretStore.GetInstance(password: currentSecret);
            store.UpdatePassword(
                replacementSecret,
                currentSecret);
        }
コード例 #7
        /// <summary>
        /// Resets the local store: removes the store file, writes a configuration
        /// built from defaults plus any explicitly bound parameters, resets the
        /// in-process store and emits the new configuration.
        /// </summary>
        protected override void EndProcessing()
        {
            // Force skips the ShouldProcess check for this destructive operation.
            if (!Force)
            {
                bool approved = ShouldProcess(
                    target: "SecretStore module local store",
                    action: "Erase all secrets in the local store and reset the configuration settings to default values");
                if (!approved)
                {
                    return;
                }
            }

            // Start from defaults; a bound parameter overrides the matching default.
            var defaults = SecureStoreConfig.GetDefault();
            var bound = MyInvocation.BoundParameters;
            var resetConfig = new SecureStoreConfig(
                scope: bound.ContainsKey(nameof(Scope)) ? Scope : defaults.Scope,
                passwordRequired: bound.ContainsKey(nameof(PasswordRequired)) ? (bool)PasswordRequired : defaults.PasswordRequired,
                passwordTimeout: bound.ContainsKey(nameof(PasswordTimeout)) ? PasswordTimeout : defaults.PasswordTimeout,
                doNotPrompt: bound.ContainsKey(nameof(DoNotPrompt)) ? (bool)DoNotPrompt : defaults.DoNotPrompt);

            bool storeRemoved = SecureStoreFile.RemoveStoreFile(out string errorMsg);
            if (!storeRemoved)
            {
                var removeFailed = new ErrorRecord(
                    exception: new PSInvalidOperationException(errorMsg),
                    errorId: "ResetSecretStoreCannotRemoveStoreFile",
                    errorCategory: ErrorCategory.InvalidOperation,
                    targetObject: this);
                ThrowTerminatingError(removeFailed);
            }

            // The store file is already gone at this point, so a failure below leaves
            // the store removed without the new configuration written.
            bool configWritten = SecureStoreFile.WriteConfigFile(
                configData: resetConfig,
                out errorMsg);
            if (!configWritten)
            {
                var writeFailed = new ErrorRecord(
                    exception: new PSInvalidOperationException(errorMsg),
                    errorId: "ResetSecretStoreCannotWriteConfigFile",
                    errorCategory: ErrorCategory.InvalidOperation,
                    targetObject: this);
                ThrowTerminatingError(writeFailed);
            }

            LocalSecretStore.Reset();

            WriteObject(resetConfig);
        }
コード例 #8
        /// <summary>
        /// Saves a vault's script parameters in the built-in local store and records
        /// the name they were saved under in the vault registration entry.
        /// </summary>
        /// <param name="vaultInfo">Registration entry that receives the stored-parameters name.</param>
        /// <param name="vaultName">Vault name, used to build the stored object's name.</param>
        /// <param name="parameters">Parameters to save; when null nothing is stored and an empty name is recorded.</param>
        private void StoreVaultParameters(
            Hashtable vaultInfo,
            string vaultName,
            Hashtable parameters)
        {
            string storedName;

            if (parameters == null)
            {
                storedName = string.Empty;
            }
            else
            {
                // The stored object's name is the script-parameter tag, the vault name
                // and a trailing underscore.
                storedName = ScriptParamTag + vaultName + "_";

                // Save the parameters in the built-in local store; a failed write
                // aborts the registration with a terminating error.
                int errorCode = 0;
                bool saved = LocalSecretStore.WriteObject(
                    name: storedName,
                    parameters,
                    ref errorCode);
                if (!saved)
                {
                    var failureText = string.Format(
                        CultureInfo.InvariantCulture,
                        "Unable to register vault extension because writing script parameters to the built-in local store failed with error: {0}",
                        LocalSecretStore.GetErrorMessage(errorCode));
                    var failureRecord = new ErrorRecord(
                        new PSInvalidOperationException(failureText),
                        "RegisterSecretsVaultCannotSaveParameters",
                        ErrorCategory.WriteError,
                        this);

                    ThrowTerminatingError(failureRecord);
                }
            }

            // Record the name (possibly empty) in the registration entry. Hashtable.Add
            // throws if the entry already holds this key.
            vaultInfo.Add(
                key: ExtensionVaultModule.VaultParametersStr,
                value: storedName);
        }
コード例 #9
        /// <summary>
        /// Removes the named secret, either from the built-in local vault or from the
        /// extension vault named by Vault.
        /// </summary>
        protected override void ProcessRecord()
        {
            // The vault name is compared case-insensitively with the built-in vault's name.
            bool targetsBuiltIn = Vault.Equals(
                RegisterSecretVaultCommand.BuiltInLocalVault,
                StringComparison.OrdinalIgnoreCase);

            if (!targetsBuiltIn)
            {
                // Any other name is resolved as an extension vault, which does the removal.
                var extensionModule = GetExtensionVault(Vault);

                extensionModule.InvokeRemoveSecret(
                    name: Name,
                    vaultName: Vault,
                    cmdlet: this);

                return;
            }

            int errorCode = 0;
            if (LocalSecretStore.DeleteObject(
                    name: Name,
                    ref errorCode))
            {
                WriteVerbose(
                    string.Format("Secret {0} was successfully removed from vault {1}.", Name, RegisterSecretVaultCommand.BuiltInLocalVault));
            }
            else
            {
                // A failed delete in the built-in vault is a terminating error.
                var failureText = string.Format(
                    CultureInfo.InvariantCulture,
                    "The secret could not be removed from the local default vault. Error: {0}",
                    LocalSecretStore.GetErrorMessage(errorCode));
                var failureRecord = new ErrorRecord(
                    new PSInvalidOperationException(failureText),
                    "RemoveSecretCannotDelete",
                    ErrorCategory.InvalidOperation,
                    this);
                ThrowTerminatingError(failureRecord);
            }
        }
コード例 #10
        /// <summary>
        /// Writes the secret to the requested vault: an extension vault when Vault
        /// names one, otherwise the built-in local vault. With NoClobber set, an
        /// existing secret of the same name turns the call into a terminating error.
        /// </summary>
        protected override void EndProcessing()
        {
            if (ParameterSetName == SecureStringParameterSet)
            {
                Secret = SecureStringSecret;
            }

            // A PSObject wrapper is unwrapped so that the underlying object is stored.
            object payload = Secret;
            if (payload is PSObject wrapped)
            {
                payload = wrapped.BaseObject;
            }

            bool useExtensionVault =
                !string.IsNullOrEmpty(Vault) &&
                !Vault.Equals(RegisterSecretsVaultCommand.BuiltInLocalVault, StringComparison.OrdinalIgnoreCase);

            if (useExtensionVault)
            {
                var extensionModule = GetExtensionVault(Vault);

                // NOTE(review): the NoClobber lookup and the write below are separate
                // calls; nothing visible here serializes them, so NoClobber may not hold
                // against a concurrent writer - confirm.
                if (NoClobber)
                {
                    var existing = extensionModule.InvokeGetSecret(
                        name: Name,
                        cmdlet: this);

                    if (existing != null)
                    {
                        var duplicateText = string.Format(
                            CultureInfo.InvariantCulture,
                            "A secret with name {0} already exists in vault {1}",
                            Name,
                            Vault);
                        var duplicateRecord = new ErrorRecord(
                            new PSInvalidOperationException(duplicateText),
                            "AddSecretAlreadyExists",
                            ErrorCategory.ResourceExists,
                            this);
                        ThrowTerminatingError(duplicateRecord);
                    }
                }

                extensionModule.InvokeSetSecret(
                    name: Name,
                    secret: payload,
                    cmdlet: this);

                return;
            }

            // Built-in local vault: same NoClobber check, then the write.
            int errorCode = 0;

            if (NoClobber)
            {
                bool alreadyStored = LocalSecretStore.ReadObject(
                    name: Name,
                    out object _,
                    ref errorCode);
                if (alreadyStored)
                {
                    var duplicateText = string.Format(
                        CultureInfo.InvariantCulture,
                        "A secret with name {0} already exists in the local default vault",
                        Name);
                    var duplicateRecord = new ErrorRecord(
                        new PSInvalidOperationException(duplicateText),
                        "AddSecretAlreadyExists",
                        ErrorCategory.ResourceExists,
                        this);
                    ThrowTerminatingError(duplicateRecord);
                }
            }

            // Clear whatever code the lookup left behind before the write reports its own.
            errorCode = 0;
            if (LocalSecretStore.WriteObject(
                    name: Name,
                    objectToWrite: payload,
                    ref errorCode))
            {
                WriteVerbose(
                    string.Format("Secret {0} was successfully added to vault {1}.", Name, RegisterSecretsVaultCommand.BuiltInLocalVault));
            }
            else
            {
                var failureText = string.Format(
                    CultureInfo.InvariantCulture,
                    "The secret could not be written to the local default vault.  Error: {0}",
                    LocalSecretStore.GetErrorMessage(errorCode));
                var failureRecord = new ErrorRecord(
                    new PSInvalidOperationException(failureText),
                    "AddSecretCannotWrite",
                    ErrorCategory.WriteError,
                    this);
                ThrowTerminatingError(failureRecord);
            }
        }
コード例 #11
ファイル: SecretStore.cs プロジェクト: sdwheeler/SecretStore
        /// <summary>
        /// Resets the SecretStore: removes the store file, writes a configuration built
        /// from defaults plus any explicitly bound parameters, resets the in-process
        /// store, then unlocks with the given password or triggers the password prompt.
        /// </summary>
        protected override void EndProcessing()
        {
            bool yesToAll = false;
            bool noToAll  = false;

            // Unless Force is given, the user must confirm; the prompt is raised with
            // hasSecurityImpact: true.
            if (!Force)
            {
                bool confirmed = ShouldContinue(
                    query: "Are you sure you want to erase all secrets in SecretStore and reset configuration settings to default?",
                    caption: "Reset SecretStore",
                    hasSecurityImpact: true,
                    ref yesToAll,
                    ref noToAll);
                if (!confirmed)
                {
                    return;
                }
            }

            // Start from defaults; a bound parameter overrides the matching default.
            var defaults = SecureStoreConfig.GetDefault();
            var interaction = MyInvocation.BoundParameters.ContainsKey(nameof(Interaction)) ? Interaction : defaults.Interaction;
            var resetConfig = new SecureStoreConfig(
                scope: MyInvocation.BoundParameters.ContainsKey(nameof(Scope)) ? Scope : defaults.Scope,
                authentication: MyInvocation.BoundParameters.ContainsKey(nameof(Authentication)) ? Authentication : defaults.Authentication,
                passwordTimeout: MyInvocation.BoundParameters.ContainsKey(nameof(PasswordTimeout)) ? PasswordTimeout : defaults.PasswordTimeout,
                interaction: interaction);

            bool storeRemoved = SecureStoreFile.RemoveStoreFile(out string errorMsg);
            if (!storeRemoved)
            {
                var removeFailed = new ErrorRecord(
                    exception: new PSInvalidOperationException(errorMsg),
                    errorId: "ResetSecretStoreCannotRemoveStoreFile",
                    errorCategory: ErrorCategory.InvalidOperation,
                    targetObject: this);
                ThrowTerminatingError(removeFailed);
            }

            // The store file is already gone at this point, so a failure below leaves
            // the store removed without the new configuration written.
            bool configWritten = SecureStoreFile.WriteConfigFile(
                configData: resetConfig,
                out errorMsg);
            if (!configWritten)
            {
                var writeFailed = new ErrorRecord(
                    exception: new PSInvalidOperationException(errorMsg),
                    errorId: "ResetSecretStoreCannotWriteConfigFile",
                    errorCategory: ErrorCategory.InvalidOperation,
                    targetObject: this);
                ThrowTerminatingError(writeFailed);
            }

            LocalSecretStore.Reset();

            if (Password != null)
            {
                // A password was supplied: use it to obtain the store and unlock it,
                // passing a timeout only when one was bound.
                var unlockSecret = Utils.CheckPassword(Password);
                var store = LocalSecretStore.GetInstance(password: unlockSecret);

                int? requestedTimeout = null;
                if (MyInvocation.BoundParameters.ContainsKey(nameof(PasswordTimeout)))
                {
                    requestedTimeout = (int?)PasswordTimeout;
                }

                store.UnlockLocalStore(
                    password: unlockSecret,
                    passwordTimeout: requestedTimeout);
            }
            else if (interaction == Microsoft.PowerShell.SecretStore.Interaction.Prompt)
            {
                // Invoke the password prompt.
                LocalSecretStore.GetInstance(cmdlet: this);
            }

            if (PassThru.IsPresent)
            {
                WriteObject(resetConfig);
            }
        }
コード例 #12
ファイル: SecretStore.cs プロジェクト: sdwheeler/SecretStore
        /// <summary>
        /// Applies a new configuration to the local store, optionally with a password.
        /// Explicitly bound parameters override the current values; any other parameter
        /// set resets the configuration to defaults.
        /// </summary>
        protected override void EndProcessing()
        {
            // AllUsers scope is rejected before anything is read or written.
            if (Scope == SecureStoreScope.AllUsers)
            {
                var unsupported = new ErrorRecord(
                    exception: new PSNotSupportedException("AllUsers scope is not yet supported."),
                    errorId: "SecretStoreConfigurationNotSupported",
                    errorCategory: ErrorCategory.NotEnabled,
                    this);
                ThrowTerminatingError(unsupported);
            }

            var suppliedPassword = Utils.CheckPassword(Password);
            var passwordState    = LocalSecretStore.PasswordRequired;

            // A password passed to this cmdlet is refused when the store already
            // requires one, password authentication is requested and a store file
            // exists; the error message points to Set-SecretStorePassword instead.
            bool wouldAddSecondPassword =
                passwordState == SecureStoreFile.PasswordConfiguration.Required &&
                Authentication == Authenticate.Password &&
                SecureStoreFile.StoreFileExists() &&
                suppliedPassword != null;
            if (wouldAddSecondPassword)
            {
                var invalidConfig = new ErrorRecord(
                    exception: new PSNotSupportedException("The Microsoft.PowerShell.SecretStore is already configured to require a password, and a new password cannot be added.\nUse the Set-SecretStorePassword cmdlet to change an existing password."),
                    errorId: "SecretStoreInvalidConfiguration",
                    errorCategory: ErrorCategory.NotEnabled,
                    this);
                ThrowTerminatingError(invalidConfig);
            }

            bool approved = ShouldProcess(
                target: "SecretStore module local store",
                action: "Changes local store configuration");
            if (!approved)
            {
                return;
            }

            // When the store is configured as not requiring a password, no password is
            // passed for opening it, even if the caller supplied one.
            var currentConfig = LocalSecretStore.GetInstance(
                password: passwordState == SecureStoreFile.PasswordConfiguration.NotRequired ? null : suppliedPassword,
                cmdlet: this).Configuration;
            SecureStoreConfig updatedConfig;

            if (ParameterSetName == ParameterSet)
            {
                // Only values the caller actually bound replace what is configured now.
                var bound = MyInvocation.BoundParameters;
                updatedConfig = new SecureStoreConfig(
                    scope: bound.ContainsKey(nameof(Scope)) ? Scope : currentConfig.Scope,
                    authentication: bound.ContainsKey(nameof(Authentication)) ? Authentication : currentConfig.Authentication,
                    passwordTimeout: bound.ContainsKey(nameof(PasswordTimeout)) ? PasswordTimeout : currentConfig.PasswordTimeout,
                    interaction: bound.ContainsKey(nameof(Interaction)) ? Interaction : currentConfig.Interaction);
            }
            else
            {
                updatedConfig = SecureStoreConfig.GetDefault();
            }

            bool applied = LocalSecretStore.GetInstance(cmdlet: this).UpdateConfiguration(
                newConfigData: updatedConfig,
                password: suppliedPassword,
                cmdlet: this,
                out string errorMsg);
            if (!applied)
            {
                var updateFailed = new ErrorRecord(
                    exception: new PSInvalidOperationException(errorMsg),
                    errorId: "SecretStoreConfigurationUpdateFailed",
                    errorCategory: ErrorCategory.InvalidOperation,
                    this);
                ThrowTerminatingError(updateFailed);
            }

            if (PassThru.IsPresent)
            {
                WriteObject(updatedConfig);
            }
        }
コード例 #13
ファイル: SecretStore.cs プロジェクト: sdwheeler/SecretStore
 /// <summary>
 /// Emits the local store's current configuration to the pipeline.
 /// </summary>
 protected override void EndProcessing()
 {
     // The store instance is obtained with this cmdlet as its context.
     var store = LocalSecretStore.GetInstance(cmdlet: this);
     WriteObject(store.Configuration);
 }