Catesta - Vault Extension Module

Synopsis

Scaffolds a PowerShell SecretManagement vault module project for use with desired CICD platform for easy cross platform PowerShell development.

Getting Started

---

Note: It is important to have a clear understanding of what your module should support before you begin your project with Catesta. IIf your module is designed to be cross-platform or you plan to test different versions of PowerShell, it is recommended to run multiple build types to cover different scenarios. This will help you validate that your module works as expected on different platforms and environments.

---

1. Create your vault extension project using Catesta. (Catesta Basics)
   • NOTE: As a community best practice SecretManagement projects have SecretManagement.VaultName added to a project name. Catesta will automatically accomplish this for you. Just select a name for your vault project and let Catesta do the rest
2. Write the logic for your vault extension module (the hardest part)
   • All build testing can be done locally by navigating to src and running Invoke-Build
     • By default, this runs all tasks in the build file.
       • If you want to run a specific task from the build file you can provide the task name. For example, to just execute Pester tests for your project: Invoke-Build -Task Test
   • If using VSCode as your primary editor you can use VSCode tasks to perform various local actions
     • Open the VSCode Command palette
       • Shift+Command+P (Mac) / Ctrl+Shift+P (Windows/Linux) or F1
     • Type Tasks: Run Task
     • Select the task to run
       • Examples:
         • task . - Runs complete build (all tasks)
         • task Test - Invokes all Pester Unit Tests
         • task Analyze - Invokes Script Analyzer checks
         • task DevCC - Generates generate xml file to graphically display code coverage in VSCode using Coverage Gutters

Notes

The structure and layout of a SecretManagement Vault extension module differs quite a bit from a standard PowerShell module:

./SecretManagement.TestVault
./SecretManagement.TestVault/SecretManagement.TestVault.psd1
./SecretManagement.TestVault/SecretManagement.TestVault.psm1
./SecretManagement.TestVault/TestStoreImplementation.dll
./SecretManagement.TestVault/SecretManagement.TestVault.Extension
./SecretManagement.TestVault/SecretManagement.TestVault.Extension/SecretManagement.TestVault.Extension.psd1
./SecretManagement.TestVault/SecretManagement.TestVault.Extension/SecretManagement.TestVault.Extension.psm1

NOTE: Because of the nested nature of the vault extension, and how user facing functions are surfaced up, Catesta does not support automated help generation via platyPS for Vault extension projects.

PowerShell SecretManagement Diagram

Additional Reading

• Announcing SecretManagement 1.1 GA
• SecretManagement and SecretStore are Generally Available
• SecretManagement Module v1.1.0 preview update
• PowerShell SecretManagement Module Design
• PowerShell Secrets Management – Part 1: Introduction
• PowerShell Secrets Management – Part 2: Installation and first steps
• SecretManagement and SecretStore Release Candidate 2
  • SecretManagement Module Preview Design Changes
  • SecretManagement and SecretStore Updates
• Secrets Management Module Vault Extensions

SecretManagement and SecretStore Repos

• SecretManagement
• SecretStore
• Azure Vault

Vault Extension Examples

• SecretManagement.1Password
• SecretManagement.BitWarden
• SecretManagement.Chromium
• SecretManagement.CyberArk
• SecretManagement.Hashicorp.Vault.KV
• SecretManagement.KeePass
• KeybaseSecretManagementExtension
• SecretManagement.KeyChain
• SecretManagement.LastPass