Central Provider and Central Credential Provider support (#15)

* splattin' it

* formattin' it

* Support for communicating with the Vault via Central Provider or Central Credential Provider (#14)

* publish workflow

* version bump to 1.0.0

Author: aaearon

.github/workflows/pester.yml

@@ -11,7 +11,7 @@ jobs:
         shell: pwsh
         run: |
           Set-PSRepository PSGallery -InstallationPolicy Trusted
-          Install-Module psPAS, Microsoft.PowerShell.SecretManagement
+          Install-Module psPAS, CredentialRetriever, Microsoft.PowerShell.SecretManagement
       - name: Executes Pester tests
         shell: pwsh
         run: |

.github/workflows/publish.yml

@@ -0,0 +1,21 @@
+
+name: Publish Module to PowerShell Gallery
+
+on:
+  release:
+    types: [published]
+
+  workflow_dispatch:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Publish Module to PowerShell Gallery
+        uses: pcgeek86/publish-powershell-module-action@v20
+        id: publish-module
+        with:
+          NuGetApiKey: ${{ secrets.PS_GALLERY_KEY }}

README.md

@@ -1,23 +1,67 @@
 # SecretManagement.CyberArk
 
-A [SecretManagement](https://github.com/powershell/secretmanagement) extension for [CyberArk](https://www.cyberark.com/). The [psPAS](https://github.com/pspete/psPAS) module is used to communicate with the Vault.
+A [SecretManagement](https://github.com/powershell/secretmanagement) extension for [CyberArk](https://www.cyberark.com/). It supports connecting to the Vault by either the REST API, Credential Provider, or Central Credential Provider.
+
+The [psPAS](https://github.com/pspete/psPAS) or [CredentialRetriever](https://github.com/pspete/CredentialRetriever) module is used to communicate with the Vault.
 
 ## Prerequisities
 
 * The [psPAS](https://github.com/pspete/psPAS) Powershell module
+* The [CredentialRetriever](https://github.com/pspete/CredentialRetriever) Powershell module
 * The [SecretManagement](https://github.com/powershell/secretmanagement) Powershell module
 
 ## Installation
 
 From PowerShell Gallery
 
-`Install-Module SecretManagement.CyberArk`
+```powershell
+Install-Module SecretManagement.CyberArk
+```
 
 ## Registration
 
-Once installed, it must be registered as an extension for `SecretManagement`.
+Once installed, it must be registered as an extension for `SecretManagement`. Depending on how you want to connect to the Vault, you will need to provide the appropriate parameters.
+
+### Credential Provider
+
+Specify `CredentialProvider` as the `ConnectionType`, the `AppID` to authenticate as, and optionally a `ClientPath` to the Credential Provider executable (otherwise it will use the existing `ClientPath` previously set via `Set-AIMConfiguration`.)
+
+```powershell
+$VaultParameters = @{
+    ConnectionType = 'CredentialProvider'
+    AppID          = 'windowsScript'
+    ClientPath     = 'C:\Path\To\CLIPasswordSDK.exe'
+}
 
-`Register-SecretVault -ModuleName SecretManagement.CyberArk`
+Register-SecretVault -Name CyberArk -ModuleName SecretManagement.CyberArk @VaultParameters
+```
+
+### Central Credential Provider
+
+Specify `CentralCredentialProvider` as the `ConnectionType`, the `AppID` to authenticate as, and the `URL` for the Central Credential Provider. Optionally, parameters such as `SkipCertificateCheck`, `UseDefaultCredentials`, `Credential`, `CertificateThumbPrint`, and `Certificate` can be specified.
+
+```powershell
+$VaultParameters = @{
+    ConnectionType       = 'CentralCredentialProvider'
+    AppID                = 'windowsScript'
+    URL                  = 'https://comp01.contoso.com'
+    SkipCertificateCheck = $true
+}
+
+Register-SecretVault -Name CyberArk -ModuleName SecretManagement.CyberArk @VaultParameters
+```
+
+### REST API
+
+Specify `REST` as the `ConnectionType` and an existing `PASSession` will be used.
+
+```powershell
+$VaultParameters = @{
+    ConnectionType = 'REST'
+}
+
+Register-SecretVault -Name CyberArk -ModuleName SecretManagement.CyberArk @VaultParameters
+```
 
 ## Usage
 
@@ -27,28 +71,37 @@ You use the typical `SecretManagement` commands such as `Get-Secret` and `Set-Se
 
 To retrieve the password for an account named `localAdmin01`:
 
-`Get-PASAccount -search localAdmin01 -safeName Windows | Get-Secret`
+```powershell
+Get-Secret -Name localAdmin01 -VaultName CyberArk
+```
 
 or
 
-`Get-Secret -Name localAdmin01`
+```powershell
+Get-PASAccount -search localAdmin01 -safeName Windows | Get-Secret -VaultName CyberArk
+```
 
 Note: If multiple results are returned from CyberArk the first one is provided.
 
 To retrieve the password for an account named `linuxAdmin01` where policy requires a reason:
 
-`Get-Secret -Name localAdmin01 -AdditionalParameters @{Reason="To do things"}`
+```powershell
+Get-Secret -Name localAdmin01 -AdditionalParameters @{Reason = 'To do things' } -VaultName CyberArk
+```
 
 To create a new credential in the Vault use:
 
 ```powershell
-$Secret = ConvertTo-SecureString "verySecret!" -AsPlainText -Force
+$Secret = ConvertTo-SecureString 'verySecret!' -AsPlainText -Force
 
 $NewCredentialProperties = @{
-    address="iosharp.lab";
-    userName="localAdmin10"}
+    platformId = 'WindowsDomainAccount'
+    safeName   = 'Windows'
+    address    = 'iosharp.lab'
+    userName   = 'localAdmin10'
+}
 
-Set-Secret -platformId WindowsDomainAccount -safeName Windows -Secret $Secret -AdditionalParameters $NewCredentialProperties
+Set-Secret -VaultName CyberArk -Secret $Secret -AdditionalParameters $NewCredentialProperties
 ```
 
-Note: The value passed to the `Name` argument will be used as the `name` property for the account in CyberArk. If you want CyberArk to generate the name for the account automatically, do not use the `Name` argument.
+Note: The value passed to the `Name` argument will be used as the `name` property for the account in CyberArk. If you want CyberArk to generate the name for the account automatically, do not use the `Name` argument. This is not supported for the `CentralCredentialProvider` and `CredentialProvider` connection types.

SecretManagement.CyberArk/SecretManagement.CyberArk.Extension/SecretManagement.CyberArk.Extension.psd1

@@ -1,5 +1,5 @@
 @{
-    ModuleVersion = '0.2'
-    RootModule = 'SecretManagement.CyberArk.Extension.psm1'
-    FunctionsToExport = @('Set-Secret','Get-Secret','Remove-Secret','Get-SecretInfo','Test-SecretVault')
+    ModuleVersion     = '1.0.0'
+    RootModule        = 'SecretManagement.CyberArk.Extension.psm1'
+    FunctionsToExport = @('Set-Secret', 'Get-Secret', 'Remove-Secret', 'Get-SecretInfo', 'Test-SecretVault')
 }