Private/Authentication/Microsoft/Get-PartnerCredentials.ps1

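function Get-PartnerCredentials {
    <#
    .SYNOPSIS
        Retrieves the partner application credentials from Azure Key Vault.

    .DESCRIPTION
        Makes sure the current Az context belongs to the partner tenant
        ($script:Config.PartnerTenantId). When it does not, signs in with the
        certificate whose thumbprint is $script:Config.CertificateThumbprint if that
        certificate is present in Cert:\LocalMachine\My, and falls back to interactive
        sign-in otherwise. It then reads the ApplicationId, ApplicationSecret,
        RefreshToken and ExchangeRefreshToken secrets from $script:Config.KeyVaultName.

        Failures are logged through Write-ModuleLog and the function returns nothing,
        so callers must check for a null result before using the credentials.

    .OUTPUTS
        PSCustomObject with the properties ApplicationId, ApplicationSecret,
        RefreshToken and ExchangeRefreshToken, each holding the secret as plain text.

    .NOTES
        The returned object carries long-lived secrets in plain text. Do not write it
        to logs, transcripts or verbose/debug streams, and keep its lifetime short.
    #>
    [CmdletBinding()]
    param()

    # Start by connecting to Azure Key Vault
    $AzContext = Get-AzContext
    if (-not $AzContext -or $AzContext.Tenant.Id -ne $script:Config.PartnerTenantId) {
        try {
            # Try certificate auth first
            $Certificate = Get-ChildItem -Path Cert:\LocalMachine\My |
                Where-Object { $_.Thumbprint -eq $script:Config.CertificateThumbprint } |
                Select-Object -First 1

            if ($Certificate) {
                Write-Verbose "Using certificate authentication for Azure Key Vault access"
                $ConnectParams = @{
                    ApplicationId         = $script:Config.ApplicationId
                    CertificateThumbprint = $Certificate.Thumbprint
                    Tenant                = $script:Config.PartnerTenantId
                    SubscriptionName      = $script:Config.SubscriptionName
                    # Stop turns a failed sign-in into a terminating error so the catch below runs.
                    ErrorAction           = 'Stop'
                }
            }
            else {
                # NOTE(review): this fallback opens an interactive prompt when the certificate is
                # missing; in an unattended run (service, scheduled task) that can block instead of
                # failing. Confirm the fallback is wanted outside operator sessions.
                Write-Verbose "Using interactive authentication for Azure Key Vault access"
                $ConnectParams = @{
                    Tenant           = $script:Config.PartnerTenantId
                    SubscriptionName = $script:Config.SubscriptionName
                    ErrorAction      = 'Stop'
                }
            }

            Connect-AzAccount @ConnectParams | Out-Null
        }
        catch {
            Write-ModuleLog -Message "Failed to connect to Azure" -Level Error -Component 'AzureConnection' -ErrorRecord $_
            # Do not continue to the vault with a missing context or one from another tenant.
            return
        }
    }

    try {
        # Retrieve secrets from Key Vault. -ErrorAction Stop makes access errors terminating;
        # without it the catch below never runs and a half-filled object is returned.
        $SecretNames = 'ApplicationId', 'ApplicationSecret', 'RefreshToken', 'ExchangeRefreshToken'
        $Secrets = [ordered]@{}

        foreach ($SecretName in $SecretNames) {
            $SecretValue = Get-AzKeyVaultSecret -VaultName $script:Config.KeyVaultName -Name $SecretName -AsPlainText -ErrorAction Stop

            if ([string]::IsNullOrWhiteSpace($SecretValue)) {
                # Only the secret name is reported, never a value. This is a warning rather than a
                # failure because this file does not show whether every secret is mandatory.
                Write-Warning "Key Vault secret '$SecretName' is missing or empty"
            }

            $Secrets[$SecretName] = $SecretValue
        }

        return [PSCustomObject]$Secrets
    }
    catch {
        Write-ModuleLog -Message "Failed to retrieve credentials from Key Vault" -Level Error -Component 'CredentialRetrieval' -ErrorRecord $_
    }
}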