Description
Is your feature request related to a problem? Please describe.
Hello! Sorry, genuinely could not decide whether to put this in as a bug report or a feature request. Also my apologies if the description is a bit jumbled.
I have noticed that during the attempt to unregister a vault registered with this module extension the cmdlet Unregister-SecretVault asks me for a token (if VaultAuthType = 'Token' was specified on registration). Then the vault is unregistered and disappears from the list returned by Get-SecretVault even if I do not provide a token.
I have checked the code and noticed that Unregister-SecretVault does two things:
- Test-SecretVault
- Remove-Vault if user agrees with vault removal during the unregister
I'm generally still not sure about the Test-SecretVault in every exported extension cmdlet - I've seen it in SecretManagement.1Password too but have not found recommendations on it either in Microsoft's description of the architecture or in the examples in that same repository. I'd genuinely be very grateful if you have some input on that. Because as I understand it, the vault test is not needed for unregistering - the "main" SecretManagement module takes care of that, but it is needed for vault removal.
Describe the solution you'd like
Since the architecture document states that extension modules should export only the main 5 cmdlets - Get/Set/Remove-Secret, Get-SecretInfo, Test-SecretVault - my suggestion would be to move vault removal under the logic of switch parameter (-RemoveVault?) and ConfirmImpact='High' (maybe with -Force) to minimize user input.
Additional context
I'm a bit new to both HashiCorp's Vault and SecretManagement, I just thought I'd offer my two cents. I have some PowerShell experience so I can offer some input with both the discussion and the implementation.