Az.KeyVault - SecretManagement - Modification to Secret parameter and support for SecureStringSecret #12190

@itfranck

Description

The implementation of the Microsoft.PowerShell.SecretManagement module helper has a SecretValue parameter that accepts a secure string.

It would be nice for the implementation to match the SecretManagement module.

The PowerShell implementation of the module has 2 parameters:

-SecretValue accepts an object (supported types are):
- ByteArray
- String
- PSCredential
- Hashtable

-SecureStringSecret accepts a secure string.

```powershell
$Vault = @{'Vault' = 'CICD-Azkeyvault' }
$credential = [System.Management.Automation.PSCredential]::new('Hello', ('World' | ConvertTo-SecureString -AsPlainText -Force))
[byte[]]$Arr = 1, 2, 3

# Az.KeyVault supported
Set-Secret @vault -Name 'MySuperSecret-shhh' -Secret ('shhhh' | ConvertTo-SecureString -AsPlainText -Force)

# Unsupported
Set-Secret @vault -Name 'MySuperSecret-shhh' -Secret 'shhhh' # String value
Set-Secret @vault -Name 'MySuperSecret-shhh' -Secret @{'Hello'='World';'Foo'='Bar'} # Hashtable
Set-Secret @vault -Name 'MySuperSecret-shhh' -Secret $credential # PSCredential
Set-Secret @vault -Name 'MySuperSecret-shhh' -Secret $Arr # ByteArray

# Also unsupported, the -SecureStringSecret parameter, which is there if you want to ensure that only a secure string can be passed down
Set-Secret @vault -Name 'MySuperSecret-shhh' -SecureStringSecret ('shhhh' | ConvertTo-SecureString -AsPlainText -Force)

# List was obtained from SecretManagement Enum
[Enum]::GetNames([Microsoft.PowerShell.SecretManagement.SecretType])
```

Relevant:
- Set-Secret helper supports -SecretValue as an object (but not -SecureStringSecret) here
- SetSecret KeyVault implementation: -SecretValue is a SecureString here
