You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(security): apply proper PSScriptAnalyzer suppression pattern from PSWrapper
Apply the same SuppressMessageAttribute pattern used in Datto-DBPool_PSWrapper's
Get-DBPoolUser.ps1 function, which includes:
- Justification parameter with clear explanation
- Inline comment after the attribute
The temporary password in Initialize-DattoSecretStoreVault is safe because:
- It's randomly generated (32 characters)
- It's never stored or logged
- It's only used to satisfy SecretStore's initial setup requirement
- It's immediately replaced with no authentication
# Set the environment variables for the Datto.DBPool.Refresh module
305
+
# Initialize SecretStore with temporary password (required for initial setup, then switched to no authentication)
306
+
functionInitialize-DattoSecretStoreVault {
307
+
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText','', Justification ="Temporary random password generated for initial SecretStore setup only. Never stored or logged.")]
308
+
# PSScriptAnalyzer - ignore creation of a SecureString using plain text rule
309
+
param()
310
+
311
+
# Generate a random temporary password for initial SecretStore configuration
312
+
# This is immediately replaced with no authentication, but SecretStore requires a password for the initial setup
0 commit comments