ps/Modules/Alkami.Ops.Certificates/Cmdlets/OptimizePodSecrets.cs

using System;
using System.Management.Automation;
namespace Alkami.Ops.Certificates
{
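/// <summary>
/// Downloads certificates for ALL environments under the FriendlyCertificates folder, combines them
/// into a handful of secrets, and uploads them to the MachineSecrets folder.
/// This allows a server to download 4 secrets (web, app, common web, common app) instead of 200+ secrets.
/// </summary>
/// <remarks>
/// The work itself is delegated to <c>SecretServerImporter.CreatePodSecrets</c>; this cmdlet binds the
/// parameters, times the call and prints the elapsed time.
/// </remarks>
[Cmdlet("Optimize", "PodSecrets")]
[OutputType(typeof(string))]
public class OptimizePodSecrets : Cmdlet
{
    /// <summary>Username with which to authenticate.</summary>
    [Parameter(Position = 0, Mandatory = true)]
    public string SecretUsername;

    /// <summary>Password with which to authenticate.</summary>
    /// <remarks>
    /// SECURITY: this is bound as a plain <see cref="string"/>, so a value typed literally on the
    /// command line can be captured by shell history, transcripts and script-block logging.
    /// Pass it from a variable populated by a prompt or vault rather than as a literal.
    /// A PSCredential or SecureString parameter would be the preferred shape, but switching the type
    /// changes what existing callers bind to, so it is left unchanged here.
    /// </remarks>
    [Parameter(Position = 1, Mandatory = true)]
    public string SecretPassword;

    /// <summary>Site of Secret Server.</summary>
    /// <remarks>
    /// <see cref="ProcessRecord"/> emits a warning when this is not an absolute https:// URL, because
    /// the username and password are handed to the importer together with this address.
    /// </remarks>
    [Parameter(Position = 2, Mandatory = false)]
    public string SecretSite = "https://alkami.secretservercloud.com";

    /// <summary>Root folder for where all Friendly Certificates are stored.</summary>
    [Parameter(Position = 3, Mandatory = false)]
    public string FriendlySecretFolder = "ops.deployment-CertApi/FriendlyCertificates";

    /// <summary>
    /// Doesn't appear to actually be used? Just leave the defaults.
    /// (It is passed through to <c>CreatePodSecrets</c>; what happens to it there is not visible from this file.)
    /// </summary>
    [Parameter(Position = 4, Mandatory = false)]
    public string[] ImportableUsers = new string[] { "CORP\\Site Reliability Engineers", "fh\\jumpbox.jenkins", "fh\\ci.migrate$" };

    /// <summary>Root folder for where all Zipped Certificates will be placed.</summary>
    [Parameter(Position = 5, Mandatory = false)]
    public string MachineSecretFolder = "ops.deployment-CertApi/MachineSecrets";

    /// <summary>
    /// Runs the secret consolidation once per invocation and prints how long it took.
    /// </summary>
    protected override void ProcessRecord()
    {
        // The credentials are given to the importer along with SecretSite, so a non-HTTPS (or
        // malformed) address is worth surfacing before anything is sent. This is a warning rather
        // than a terminating error so that existing callers keep working; the message deliberately
        // does not echo any parameter value.
        Uri siteUri;
        bool isHttps = Uri.TryCreate(SecretSite, UriKind.Absolute, out siteUri)
            && string.Equals(siteUri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase);
        if (!isHttps)
        {
            WriteWarning("SecretSite is not an absolute https:// URL; the Secret Server credentials may be sent without transport encryption.");
        }

        var watch = System.Diagnostics.Stopwatch.StartNew();

        // The importer is disposed before the elapsed time is printed, as in the original ordering.
        using (var importer = new SecretServerImporter(SecretSite, SecretUsername, SecretPassword))
        {
            importer.CreatePodSecrets(FriendlySecretFolder, MachineSecretFolder, ImportableUsers);
        }

        // NOTE(review): Console.WriteLine writes to the process console, not to a PowerShell stream,
        // and nothing is passed to WriteObject even though OutputType declares string. Left as-is so
        // that what callers see and capture is unchanged.
        Console.WriteLine($"Finished executing in {watch.Elapsed}");
    }
}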
}