JustinGrote/SecretManagement.KeePass

Get-Secret fails to retrieve some secrets listed by Get-SecretInfo

Opened this issue · 9 comments

This should speak for itself:

PS❯  get-secretinfo | ? { $_.name -eq 'LeCab' } | select name,type

Name          Type
----          ----
LeCab PSCredential

PS❯  get-secret -name LeCab
Get-Secret: The secret LeCab was not found.

In the affected vault, Get-SecretInfo lists 85 secrets; this failure occurs for 8 of them:

PS❯  get-secretinfo | ? { $null -eq (get-secret -name $_.Name -ea 0) } | select name, type

Name                                        Type
----                                        ----
Enquête "Reconnaissance au travail" PSCredential
FileLocator Pro [LITE]              PSCredential
International SOS                   PSCredential
LeCab                               PSCredential
OgoneVisaNo3DS                      PSCredential
Pick Go Pay APN key                 PSCredential
Samsung Galaxy A40                  PSCredential
Windows 7 Ultimate                  PSCredential

I'm running PowerShell 7.1.4 on Windows 10.0.19043.1165.amd64fre.vb_release.191206-1406 with Microsoft.PowerShell.SecretManagement version 1.1.0 and SecretManagement.KeePass version 0.9.1.3

Repro'ed with SecretManagement.KeePass version 0.9.2

Try it with verbose and debug turned on? There might be some clues in there.
Specifically $VerbosePreference = 'continue' and $DebugPreference = 'continue'

PS❯  get-secret -name 'LeCab'
VERBOSE: Secret information was successfully retrieved from vault <REDACTED>.
VERBOSE: Secret LeCab was successfully retrieved from vault <REDACTED>.
Get-Secret: The secret LeCab was not found.

Sounds like something went null somewhere. If you can make a dummy KeePass file with which you can reproduce the issue, I can debug it and find what's going wrong.

Here you go: test.zip

Master password is test.

PS❯  get-secretinfo -vault test | ? { $null -eq (get-secret -vault test -name $_.Name -ea 0) } | select name, type

Name                           Type
----                           ----
FileLocator Pro [LITE] PSCredential
LeCab                  PSCredential
Samsung Galaxy A40     PSCredential
Windows 7 Ultimate     PSCredential

@sba923: It looks similar to an issue I ran into.

If you do store an item in KeePass with no (or empty) password, SecretManagement.KeePass would internally return a null value. This finally seems to be treated as "no secret found" by MS.SecretManagement.

IMHO this is OK, because AFAIK the SecretManagement module would generally not allow setting "empty" secrets.
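An added example, not part of the thread and not code from the SecretManagement.KeePass project: an audit function that reports every entry a vault lists but does not return, together with the error text, without ever writing a secret value to the pipeline. `Find-UnretrievableSecret` is a hypothetical name, and the empty-password cause in the `Finding` column is the explanation given in the comment above, taken here as an assumption.

```powershell
#Requires -Modules Microsoft.PowerShell.SecretManagement

function Find-UnretrievableSecret {
    # Hypothetical helper (added example): lists entries that Get-SecretInfo
    # reports for a vault but Get-Secret does not return.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Vault
    )

    foreach ($info in Get-SecretInfo -Vault $Vault) {
        $failure = $null
        $value   = $null
        try {
            # -ErrorAction Stop turns "The secret ... was not found" into a
            # catchable error, so the message is recorded instead of being
            # silently discarded as with -ea 0.
            $value = Get-Secret -Vault $Vault -Name $info.Name -ErrorAction Stop
        }
        catch {
            $failure = $_.Exception.Message
        }

        $retrieved = $null -ne $value
        $value = $null          # drop the reference; the secret is never emitted
        if ($retrieved) { continue }

        # Only metadata leaves the function: name, declared type, vault, error.
        [pscustomobject]@{
            Name    = $info.Name
            Type    = $info.Type
            Vault   = $info.VaultName
            Finding = 'Listed but not returned (assumed: empty password field)'
            Error   = $failure
        }
    }
}

# Usage against the repro vault named 'test' earlier in this thread:
# Find-UnretrievableSecret -Vault test | Format-Table Name, Type, Error -AutoSize
```

Automation that treats "not found" as "entry does not exist" can run this first to tell the two cases apart.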

@danubie thanks for sharing your thoughts

I actually use KeePass to store all kinds of secrets, some of which have an empty "Username" field and/or an empty "Password" field, for instance for software product keys, phone IMEIs....

That's exactly where I got caught: A folder for API keys having "usernames" but no password

Hi,

I just put the API key in the password and a "1" for the username