
phillippover

Added a Login parameter to AdditionalParameters. If Login is found when invoking Unlock-SecretVault with a supplied [SecureString]Password, a credential object is created to authenticate. If no Login is supplied, the existing Read-Host functionality is maintained. Works with both the userpass and AppRole authentication methods supported.

Example of use: (these are generated UUIDs, not ones in use anywhere, provided as examples)

Register-SecretVault -ModuleName SecretManagement.Hashicorp.Vault.KV -Name "secret" -VaultParameters @{VaultServer = "http://localhost:8200"; VaultAuthType = "AppRole"; KVVersion = 'v1'; Login = "673f53a5-d513-459d-961d-e22771ddf147"}
Unlock-SecretVault -Name "secret" -Password (ConvertTo-SecureString "3c1f10e8-9899-4e75-b3f2-6a3752874562" -AsPlainText -Force)
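As an added illustration (not the module's code and not part of this PR), the following shows how a Login entry in the vault's AdditionalParameters combined with the SecureString password passed to Unlock-SecretVault can become a PSCredential, falling back to Read-Host when Login is absent, and how that credential maps onto the two Vault login request bodies. The function names New-VaultLoginCredential and Get-VaultLoginBody are assumptions for this example; the Vault endpoints named in the comments are the standard userpass and AppRole login paths.

```powershell
# Hypothetical helper: build the credential from AdditionalParameters['Login'] and the
# SecureString password; prompt interactively only for whatever was not supplied.
function New-VaultLoginCredential {
    param(
        [Parameter(Mandatory)] [hashtable] $AdditionalParameters,
        [SecureString] $Password
    )
    $login = $AdditionalParameters['Login']
    if ($login -and $Password) {
        # Both pieces supplied: non-interactive unlock (what AppRole automation needs).
        return [pscredential]::new($login, $Password)
    }
    # Existing behaviour preserved: fall back to Read-Host for anything missing.
    if (-not $login)    { $login    = Read-Host -Prompt 'Login (username or RoleID)' }
    if (-not $Password) { $Password = Read-Host -Prompt 'Password or SecretID' -AsSecureString }
    return [pscredential]::new($login, $Password)
}

# Hypothetical helper: turn the credential into the JSON body Vault expects.
#   userpass -> POST /v1/auth/userpass/login/<UserName> with { password }
#   AppRole  -> POST /v1/auth/approle/login            with { role_id, secret_id }
function Get-VaultLoginBody {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,
        [ValidateSet('userpass', 'AppRole')] [string] $VaultAuthType
    )
    # The secret only leaves SecureString form here, immediately before serialisation.
    $plain = $Credential.GetNetworkCredential().Password
    switch ($VaultAuthType) {
        'userpass' { return @{ password = $plain } }
        'AppRole'  { return @{ role_id = $Credential.UserName; secret_id = $plain } }
    }
}

# Usage with the constructed, non-live example values from the PR description.
$params = @{ VaultServer = 'http://localhost:8200'; VaultAuthType = 'AppRole'; KVVersion = 'v1'
             Login = '673f53a5-d513-459d-961d-e22771ddf147' }
$secret = ConvertTo-SecureString '3c1f10e8-9899-4e75-b3f2-6a3752874562' -AsPlainText -Force
$cred   = New-VaultLoginCredential -AdditionalParameters $params -Password $secret
$body   = Get-VaultLoginBody -Credential $cred -VaultAuthType $params.VaultAuthType
$body | ConvertTo-Json   # role_id/secret_id pair ready for the AppRole login request
```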

@joshcorr (Owner) left a comment


Sorry it took a few weeks to review this, but I was considering whether this parameter should be renamed.

Could you please do the following:

This problem you raised got me wondering if there isn't a way to provide RoleID+SecretID via a PSCredential Object. In that case from registration you wouldn't need to unlock the vault and the Role-Id would not be in plain text on disk. Don't worry about adding that at this time, but might be a great feature to add in the future.

@jamie-wick

Is this still being worked on? We have a project where we would like to use an AppRole (non-interactive prompt) to return secret(s) from a Hashicorp vault. This looks like it might work for us.

@joshcorr (Owner)

Waiting on @phillippover to respond to or implement the requested changes.
