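function Read-AppTierSecrets {
<#
.SYNOPSIS
    Reads App Tier Secrets.

.DESCRIPTION
    Retrieves the secrets for a folder through Get-SecretsForPod and dispatches
    each one by its SecretType:
      * Certificate      - handed to Save-CertificatesToDisk together with a
                           temporary download folder created under $PSScriptRoot.
      * User             - handed to Set-ServiceAccountValue.
      * ConnectionString - stored in $global:masterConnectionString, but only
                           while $masterConnectionString still equals "REPLACEME".
    When at least one certificate was seen, Read-AppTierCertificates is called
    with the download folder and the collected certificate list. The temporary
    folder is removed before the function returns, including when an error
    terminates processing.

.PARAMETER secretUserName
    User name passed to Get-SecretsForPod. It is written to the output stream.

.PARAMETER secretPassword
    Password passed to Get-SecretsForPod.
    NOTE(review): this is a plain [string], so the value may show up in
    transcripts, command history or process dumps of the caller. Consider a
    SecureString/PSCredential overload; the signature is kept for compatibility.

.PARAMETER secretFolder
    Folder whose secrets are requested. It is written to the output stream.

.PARAMETER secretDomain
    Domain passed to Get-SecretsForPod.
#>
    [CmdletBinding()]
    Param(
        [string]$secretUserName,
        [string]$secretPassword,
        [string]$secretFolder,
        [string]$secretDomain
    )

    $logLead = (Get-LogLeadName);
    $hasCerts = $false

    # Create a temporary download folder for certificates.
    # NOTE(review): the folder is created under $PSScriptRoot and presumably
    # inherits that directory's ACLs - confirm only the deployment account can read it.
    $randomFolderName = [System.IO.Path]::GetRandomFileName().Split('.') | Select-Object -First 1
    $downloadFolder = Join-Path $PSScriptRoot $randomFolderName

    try {
        if (!([System.IO.Directory]::Exists($downloadFolder))) {
            Write-Verbose ("$logLead : Creating temporary download folder {0}" -f $downloadFolder)
            New-Item $downloadFolder -ItemType Directory -Force | Out-Null
        }

        # Pull Secrets
        Write-Output ("$logLead : Getting AppServer Secrets for Folder {0} using user {1}" -f $secretFolder, $secretUserName)
        $secrets = Get-SecretsForPod $secretUserName $secretPassword $secretDomain $secretFolder
        $savedCertificates = @()

        # Loaded once instead of on every loop iteration. LoadWithPartialName is an
        # obsolete API; it is kept because it returns quietly when the assembly is missing.
        [System.Reflection.Assembly]::LoadWithPartialName("System.IO.Compression.FileSystem") | Out-Null

        # Have to explicitly call GetEnumerator because of the way PS handles Dictionaries to HashTables
        foreach ($secret in $secrets.GetEnumerator()) {
            if ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::Certificate) {
                $cert = [Alkami.Ops.SecretServer.Model.Certificate]$secret.Value
                # $savedCertificates is passed by reference so the helper can append to it.
                Save-CertificatesToDisk $cert ([ref]$savedCertificates) $downloadFolder
                $hasCerts = $true
            }
            elseif ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::User) {
                Set-ServiceAccountValue ([Alkami.Ops.SecretServer.Model.User]$secret.Value)
            }
            elseif ($secret.Value.SecretType -eq [Alkami.Ops.SecretServer.Enum.SecretType]::ConnectionString -and $masterConnectionString -eq "REPLACEME") {
                # $masterConnectionString is not declared here; it is resolved from an
                # outer scope, and the new value is written to the global scope.
                $secretConnectionString = ([Alkami.Ops.SecretServer.Model.ConnectionString]$secret.Value).RawConnectionString

                # The raw connection string may embed credentials, so it is never
                # written to the output stream, where logs and transcripts would keep it.
                Write-Output ("$logLead : Setting master connection string from retrieved secret (value redacted)")
                $global:masterConnectionString = $secretConnectionString
            }
        }

        if ($hasCerts) {
            Read-AppTierCertificates $downloadFolder $savedCertificates
        }
    }
    finally {
        # Runs on failure as well, so downloaded certificate material is not
        # left behind on disk when a step above throws.
        if (Test-Path $downloadFolder) {
            Write-Verbose ("$logLead : Removing temporary download folder {0}" -f $downloadFolder)
            Remove-Item $downloadFolder -Recurse -Force
        }
    }
}

Set-Alias -name Load-AppTierSecrets -value Read-AppTierSecrets;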