[Feature] Add secure configuration store (#16)

- Add a secure configuration store
- Added a local testing utility

Author: MariusStorhaug

src/GitHub/classes/Data/Config.ps1

@@ -0,0 +1,10 @@
+$script:ConfigTemplate = [pscustomobject]@{
+    App  = [pscustomobject]@{
+        API      = [pscustomobject]@{
+            BaseURI = 'https://api.github.com' # $script:ConfigTemplate.App.API.BaseURI
+            Version = '2022-11-28'             # $script:ConfigTemplate.App.API.Version
+        }
+        Defaults = [pscustomobject]@{}         # $script:ConfigTemplate.App.Defaults
+    }
+}
+$script:Config = $script:ConfigTemplate

src/GitHub/classes/Data/SecretVault.ps1

@@ -0,0 +1,7 @@
+$script:SecretVault = [pscustomobject]@{
+    Name = 'GitHub'                           # $script:SecretVault.Name
+    Type = 'Microsoft.PowerShell.SecretStore' # $script:SecretVault.Type
+}
+$script:Secret = [pscustomobject]@{
+    Name = 'Config'                           # $script:Secret.Name
+}

src/GitHub/en_US/about_Config.help.txt

@@ -0,0 +1,99 @@
+TOPIC
+    about_Config
+
+SHORT DESCRIPTION
+    Provides details about the configuration management functions in the PowerShell Module.
+
+LONG DESCRIPTION
+    The PowerShell Module provides a set of functions to manage the configuration related to the module.
+    This configuration is stored in a custom secret vault and can be accessed, modified, saved, and restored
+    using the provided cmdlets.
+
+    Name: SecretVault
+    Path: \classes\Data\SecretVault.ps1
+
+    | Name             | Type           | Default Value                      | Description                   |
+    | ---------------  | -------------- | ---------------------------------- | ----------------------------- |
+    | SecretVault      | pscustomobject | {Name, Type}                       |                               |
+    | SecretVault.Name | string         | 'GitHub'                           | The name of the secret vault. |
+    | SecretVault.Type | string         | 'Microsoft.PowerShell.SecretStore' | The type of the secret vault. |
+    | Secret           | pscustomobject | {Name}                             |                               |
+    | Secret.Name      | string         | 'Config'                           | The name of the secret.       |
+
+
+    Name: Config
+    Path: \classes\Data\Config.ps1
+
+    | Name            | Type              | Static Value            | Description              |
+    | --------------- | ----------------- | ------------------------ | ------------------------ |
+    | App             | pscustomobject    | {API, Defaults}          |                          |
+    | App.API         | pscustomobject    | {BaseURI, Version}       |                          |
+    | App.API.BaseURI | string            | 'https://api.github.com' | The GitHub API Base URI. |
+    | App.API.Version | string            | '2022-11-28'             | The GitHub API version.  |
+    | App.Defaults    | pscustomobject    | {}                       |                          |
+
+    Functions provided in the module:
+
+    - Get-GitHubConfig: Fetches the current module configuration.
+    - Reset-GitHubConfig: Resets all or specific sections to its default values.
+    - Restore-GitHubConfig: Restores the configuration from the secret vault.
+    - Save-GitHubConfig: Saves the current configuration to the secret vault.
+    - Set-GitHubConfig: Allows setting specific elements of the configuration.
+
+    The configuration values are securely stored using the SecretManagement and SecretStore modules.
+    During the module import, the following steps are performed:
+    - Initialize the configuration store.
+      - Check for secret vault of type 'Microsoft.PowerShell.SecretStore'.
+        If not registered for the current user, its configuration will be reset to unattended mode.
+      - Check for secret vault with the name 'GitHub'.
+        If it does not exist, it will be created with current configuration.
+        If the user is already using the secret vault, the existing configuration will be kept.
+    - Restore saved configuration from the configuration store.
+      - Look for the 'GitHub' secret vault.
+      - Look for the secret called 'Config'. If it exists, restore the configuration from it into memory
+
+EXAMPLES
+
+    -------------------------- EXAMPLE 1 --------------------------
+
+    Get-GitHubConfig
+
+    This command retrieves the current GitHub configuration.
+
+    -------------------------- EXAMPLE 2 --------------------------
+
+    Set-GitHubConfig -APIBaseURI 'https://api.newurl.com' -APIVersion '2023-09-23'
+
+    This command sets the API Base URI to 'https://api.newurl.com' and the API version to '2023-09-23'.
+
+    -------------------------- EXAMPLE 3 --------------------------
+
+    Restore-GitHubConfig
+
+    This command restores the GitHub configuration from the secret vault.
+
+    -------------------------- EXAMPLE 4 --------------------------
+
+    Reset-GitHubConfig -Scope 'App.API'
+
+    This command resets the 'App.API' section of the GitHub configuration to its default values.
+
+    -------------------------- EXAMPLE 5 --------------------------
+
+    Save-GitHubConfig
+
+    This command saves the current GitHub configuration to the secret vault.
+
+KEYWORDS
+    GitHub
+    PowerShell
+    SecretManagement
+    SecretStore
+
+SEE ALSO
+    - For more information about SecretManagement and SecretStore:
+      https://learn.microsoft.com/en-us/powershell/utility-modules/secretmanagement/overview?view=ps-modules
+    - The GitHub repository of this module:
+      https://github.com/PSModule/GitHub
+    - PowerShell Gallery page for SecretManagement module:
+      https://www.powershellgallery.com/packages/Microsoft.PowerShell.SecretManagement/

src/GitHub/private/Config/Initialize-SecretVault.ps1

@@ -0,0 +1,67 @@
+#Requires -Version 7.0
+#Requires -Modules Microsoft.PowerShell.SecretManagement
+#Requires -Modules Microsoft.PowerShell.SecretStore
+
+function Initialize-SecretVault {
+    <#
+    .SYNOPSIS
+    Initialize a secret vault.
+
+    .DESCRIPTION
+    Initialize a secret vault. If the vault does not exist, it will be created.
+
+    .EXAMPLE
+    Initialize-SecretVault -Name 'SecretStore' -Type 'Microsoft.PowerShell.SecretStore'
+
+    Initializes a secret vault named 'SecretStore' using the 'Microsoft.PowerShell.SecretStore' module.
+
+    .NOTES
+    For more information aobut secret vaults, see https://learn.microsoft.com/en-us/powershell/utility-modules/secretmanagement/overview?view=ps-modules
+    #>
+    [OutputType([void])]
+    [CmdletBinding()]
+    param (
+        # The name of the secret vault.
+        [Parameter()]
+        [string] $Name,
+
+        # The type of the secret vault.
+        [Parameter()]
+        [Alias('ModuleName')]
+        [string] $Type
+    )
+
+    $secretVault = Get-SecretVault | Where-Object { $_.ModuleName -eq $Type }
+    $secretVaultExists = $secretVault.count -ne 0
+    Write-Verbose "A $Name exists: $secretVaultExists"
+    if (-not $secretVaultExists) {
+        Write-Verbose "Registering [$Name]"
+
+        switch ($Type) {
+            'Microsoft.PowerShell.SecretStore' {
+                $vaultParameters = @{
+                    Authentication  = 'None'
+                    PasswordTimeout = -1
+                    Interaction     = 'None'
+                    Scope           = 'CurrentUser'
+                    WarningAction   = 'SilentlyContinue'
+                    Confirm         = $false
+                    Force           = $true
+                }
+                Reset-SecretStore @vaultParameters
+            }
+        }
+    }
+
+    $secretStore = Get-SecretVault | Where-Object { $_.Name -eq $Name }
+    $secretStoreExists = $secretStore.count -ne 0
+    if (-not $secretStoreExists) {
+        $secretVault = @{
+            Name         = $Name
+            ModuleName   = $Type
+            DefaultVault = $true
+            Description  = 'SecretStore'
+        }
+        Register-SecretVault @secretVault
+    }
+}

src/GitHub/public/Config/Get-GitHubConfig.ps1

@@ -0,0 +1,34 @@
+function Get-GitHubConfig {
+    <#
+        .SYNOPSIS
+        Get the current GitHub configuration.
+
+        .DESCRIPTION
+        Get the current GitHub configuration.
+        If the Refresh switch is used, the configuration will be refreshed from the configuration file.
+
+        .EXAMPLE
+        Get-GitHubConfig
+
+        Returns the current GitHub configuration.
+
+        .EXAMPLE
+        Get-GitHubConfig -Refresh
+
+        Refreshes the current GitHub configuration from the configuration store beofre returning it.
+    #>
+    [Alias('Get-GHConfig')]
+    [OutputType([PSCustomObject])]
+    [CmdletBinding()]
+    param (
+        # Refresh the configuration from the configuration store before returning it.
+        [Parameter()]
+        [switch] $Refresh
+    )
+
+    if ($Refresh) {
+        Restore-GitHubConfig
+    }
+
+    $script:Config
+}

src/GitHub/public/Config/Reset-GitHubConfig.ps1

@@ -0,0 +1,43 @@
+function Reset-GitHubConfig {
+    <#
+        .SYNOPSIS
+        Reset the GitHub configuration.
+
+        .DESCRIPTION
+        Reset the GitHub configuration. Specific scopes can be reset by using the Scope parameter.
+
+        .EXAMPLE
+        Reset-GitHubConfig
+
+        Resets the entire GitHub configuration.
+
+        .EXAMPLE
+        Reset-GitHubConfig -Scope 'App.API'
+
+        Resets the App.API scope of the GitHub configuration.
+    #>
+    [Alias('Reset-GHConfig')]
+    [OutputType([void])]
+    [CmdletBinding()]
+    param(
+        [Parameter()]
+        [ValidateSet('App', 'App.API', 'App.Defaults', 'All')]
+        [string] $Scope = 'All'
+    )
+
+    switch($Scope) {
+        'App' {
+            $script:Config.App = $script:ConfigTemplate.App
+        }
+        'App.API' {
+            $script:Config.App.API = $script:ConfigTemplate.App.API
+        }
+        'App.Defaults' {
+            $script:Config.App.Defaults = $script:ConfigTemplate.App.Defaults
+        }
+        'All' {
+            $script:Config = $script:ConfigTemplateDefaults
+        }
+    }
+    Save-GitHubConfig
+}

src/GitHub/public/Config/Restore-GitHubConfig.ps1

@@ -0,0 +1,38 @@
+#Requires -Version 7.0
+#Requires -Modules Microsoft.PowerShell.SecretManagement
+
+function Restore-GitHubConfig {
+    <#
+        .SYNOPSIS
+        Restore the GitHub configuration from the configuration store.
+
+        .DESCRIPTION
+        Restore the GitHub configuration from the configuration store.
+
+        .EXAMPLE
+        Restore-GitHubConfig
+
+        Restores the GitHub configuration from the configuration store.
+    #>
+    [Alias('Load-GitHubConfig')]
+    [Alias('Load-GHConfig')]
+    [Alias('Restore-GHConfig')]
+    [OutputType([void])]
+    [CmdletBinding()]
+    param()
+
+    $vault = Get-SecretVault -Name $script:SecretVault.Name
+    $vaultExists = $vault.count -eq 1
+    if ($vaultExists) {
+        $secretExists = Get-SecretInfo -Name $script:Secret.Name -Vault $script:SecretVault.Name
+        if ($secretExists) {
+            $script:Config = Get-Secret -Name $script:Secret.Name -AsPlainText -Vault $script:SecretVault.Name | ConvertFrom-Json
+        } else {
+            Write-Warning "Unable to restore configuration."
+            Write-Warning "The secret [$($script:Secret.Name)] does not exist in the vault [$($script:SecretVault.Name)]."
+        }
+    } else {
+        Write-Warning "Unable to restore configuration."
+        Write-Warning "The vault [$($script:SecretVault.Name)] does not exist."
+    }
+}

src/GitHub/public/Config/Save-GitHubConfig.ps1

@@ -0,0 +1,24 @@
+#Requires -Version 7.0
+#Requires -Modules Microsoft.PowerShell.SecretManagement
+
+function Save-GitHubConfig {
+    <#
+        .SYNOPSIS
+        Save the GitHub configuration to the configuration store.
+
+        .DESCRIPTION
+        Save the GitHub configuration to the configuration store.
+
+        .EXAMPLE
+        Save-GitHubConfig
+
+        Saves the GitHub configuration to the configuration store.
+    #>
+    [Alias('Save-GHConfig')]
+    [OutputType([void])]
+    [CmdletBinding()]
+    param()
+
+    $config = $script:Config | ConvertTo-Json -Depth 100
+    Set-Secret -Name $script:Secret.Name -Secret $config -Vault $script:SecretVault.Name
+}

src/GitHub/public/Config/Set-GitHubConfig.ps1

@@ -0,0 +1,36 @@
+function Set-GitHubConfig {
+    <#
+        .SYNOPSIS
+        Set the GitHub configuration.
+
+        .DESCRIPTION
+        Set the GitHub configuration. Specific scopes can be set by using the parameters.
+
+        .EXAMPLE
+        Set-GitHubConfig -APIBaseURI 'https://api.github.com' -APIVersion '2022-11-28'
+
+        Sets the App.API scope of the GitHub configuration.
+    #>
+    [Alias('Set-GHConfig')]
+    [CmdletBinding()]
+    param (
+        # Set the API Base URI.
+        [Parameter()]
+        [string] $APIBaseURI,
+
+        # Set the GitHub API Version.
+        [Parameter()]
+        [string] $APIVersion
+    )
+
+    switch ($PSBoundParameters.Keys) {
+        'APIBaseURI' {
+            $script:ConfigTemplate.App.API.BaseURI = $APIBaseURI
+        }
+
+        'APIVersion' {
+            $script:ConfigTemplate.App.API.Version = $APIVersion
+        }
+    }
+    Save-GitHubConfig
+}

src/GitHub/public/loader.ps1

@@ -0,0 +1,2 @@
+Initialize-SecretVault -Name $script:SecretVault.Name -Type $script:SecretVault.Type
+Restore-GitHubConfig