Get-Secret fails to retrieve some secrets listed by Get-SecretInfo

[sba923]

This should speak for itself:

PS❯  get-secretinfo | ? { $_.name -eq 'LeCab' } | select name,type

Name          Type
----          ----
LeCab PSCredential

PS❯  get-secret -name LeCab
Get-Secret: The secret LeCab was not found.

In the affected vault, Get-SecretInfo lists 85 secrets, this failure occurs for 8 of them:

PS❯  get-secretinfo | ? { $null -eq (get-secret -name $_.Name -ea 0) } | select name, type

Name                                        Type
----                                        ----
Enquête "Reconnaissance au travail" PSCredential
FileLocator Pro [LITE]              PSCredential
International SOS                   PSCredential
LeCab                               PSCredential
OgoneVisaNo3DS                      PSCredential
Pick Go Pay APN key                 PSCredential
Samsung Galaxy A40                  PSCredential
Windows 7 Ultimate                  PSCredential

I'm running PowerShell 7.1.4 on Windows 10.0.19043.1165.amd64fre.vb_release.191206-1406 with Microsoft.PowerShell.SecretManagement version 1.1.0 and SecretManagement.KeePass version 0.9.1.3

[sba923]

Repro'ed with SecretManagement.KeePass version 0.9.2

[JustinGrote]

Try it with verbose and debug turned on? There might be some clues in there.
Specificailly $VerbosePreference = 'continue' and $DebugPreference = 'continue'

[sba923]

PS❯  get-secret -name 'LeCab'
VERBOSE: Secret information was successfully retrieved from vault <REDACTED>.
VERBOSE: Secret LeCab was successfully retrieved from vault <REDACTED>.
Get-Secret: The secret LeCab was not found.

[JustinGrote]

Sounds like something went null somewhere. If you can make a dummy keepass file that you can reproduce the issue I can debug it and find what's going wrong.

[sba923]

Here you go: test.zip

Master password is test.

PS❯  get-secretinfo -vault test | ? { $null -eq (get-secret -vault test -name $_.Name -ea 0) } | select name, type

Name                           Type
----                           ----
FileLocator Pro [LITE] PSCredential
LeCab                  PSCredential
Samsung Galaxy A40     PSCredential
Windows 7 Ultimate     PSCredential

[danubie]

@sba923: It looks like a similar issue I run into.

If you do store an item in Keepass with no (or empty) password, SecretManagement.KeePass would internally return a null-value. This finally seems to be treated as "no secret found" by MS.SecretManagement.

IMHO this is OK. Because afiak the SecretManagement module would generally not allow to set "empty" secrects.

[sba923]

@danubie thanks for sharing your thoughts

I actually use KeePass to store all kinds of secrets, some of which have an empty "Username" field and/or an empty "Password" field, for instance for software product keys, phone IMEIs....

[danubie]

That's exactly where I got caught: A folder for API keys having "usernames" but no password

[user8446]

Hi,

I just put the API key in the password and a "1" for the username