cache extension api keys

reduce keyvault lookups
increase performance

Modules/CippExtensions/Public/Extension Functions/Get-ExtensionAPIKey.ps1

@@ -0,0 +1,30 @@
+function Get-ExtensionAPIKey {
+    <#
+    .FUNCTIONALITY
+        Internal
+    #>
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$Extension,
+        [switch]$Force
+    )
+
+    $Var = "Ext_$Extension"
+    $APIKey = Get-Item -Path "ENV:$Var" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Value
+    if ($APIKey) {
+        Write-Information "Using cached API Key for $Extension"
+    } else {
+        Write-Information "Retrieving API Key for $Extension"
+        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+            $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
+            $APIKey = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq '$Extension' and RowKey eq '$Extension'").APIKey
+        } else {
+            $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
+            $null = Connect-AzAccount -Identity
+            $APIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name $Extension -AsPlainText)
+        }
+        Set-Item -Path "ENV:$Var" -Value $APIKey -Force -ErrorAction SilentlyContinue
+    }
+    return $APIKey
+}

Modules/CippExtensions/Public/Extension Functions/Set-ExtensionAPIKey.ps1

@@ -0,0 +1,33 @@
+function Set-ExtensionAPIKey {
+    <#
+    .FUNCTIONALITY
+        Internal
+    #>
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '', Scope = 'Function')]
+    [CmdletBinding(SupportsShouldProcess = $true)]
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$Extension,
+        [Parameter(Mandatory = $true)]
+        [string]$APIKey
+    )
+
+    if ($PSCmdlet.ShouldProcess('API Key', "Set API Key for $Extension")) {
+        $Var = "Ext_$Extension"
+        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
+            $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
+            $Secret = [PSCustomObject]@{
+                'PartitionKey' = $Extension
+                'RowKey'       = $Extension
+                'APIKey'       = $APIKey
+            }
+            Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
+        } else {
+            $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
+            $null = Connect-AzAccount -Identity
+            $null = Set-AzKeyVaultSecret -VaultName $keyvaultname -Name $Extension -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $APIKey)
+        }
+        Set-Item -Path "ENV:$Var" -Value $APIKey -Force -ErrorAction SilentlyContinue
+    }
+    return $true
+}

Modules/CippExtensions/Public/Halo/Get-HaloToken.ps1

@@ -4,14 +4,8 @@ function Get-HaloToken {
         $Configuration
     )
     if (![string]::IsNullOrEmpty($Configuration.ClientID)) {
-        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
-            $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
-            $Secret = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'HaloPSA' and RowKey eq 'HaloPSA'").APIKey
-        } else {
-            $null = Connect-AzAccount -Identity
-            $VaultName = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
-            $Secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name 'HaloPSA' -AsPlainText
-        }
+        $Secret = Get-ExtensionAPIKey -Extension 'Halo'
+
         $body = @{
             grant_type    = 'client_credentials'
             client_id     = $Configuration.ClientID

Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1

@@ -4,19 +4,13 @@ function Connect-HuduAPI {
         $Configuration
     )
 
-    if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
-        $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
-        $APIKey = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Hudu' and RowKey eq 'Hudu'").APIKey
-    } else {
-        $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
-        $null = Connect-AzAccount -Identity
-        $APIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'Hudu' -AsPlainText)
-    }
+    $APIKey = Get-ExtensionAPIKey -Extension 'Hudu'
+
     # Add logic to check if we're using CloudFlare Tunnel (if Hudu.CFEnabled checkbox is checked from Extensions.json). If the checkbox is checked, pull CloudFlare ClientID and API Key and add as a header
     if ($Configuration.CFEnabled) {
         $CFClientID = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareClientID' -AsPlainText)
         $CFAPIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareAPIKey' -AsPlainText)
-        New-HuduCustomHeaders -Headers @{"CF-Access-Client-Id" = "$CFClientID"; "CF-Access-Client-Secret" = "$CFAPIKey"}
+        New-HuduCustomHeaders -Headers @{'CF-Access-Client-Id' = "$CFClientID"; 'CF-Access-Client-Secret' = "$CFAPIKey" }
     }
     New-HuduBaseURL -BaseURL $Configuration.BaseURL
     New-HuduAPIKey -ApiKey $APIKey

Modules/CippExtensions/Public/NinjaOne/Get-NinjaOneToken.ps1

@@ -4,19 +4,7 @@ function Get-NinjaOneToken {
         $Configuration
     )
 
-
-    if (!$ENV:NinjaClientSecret) {
-        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
-            $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
-            $ClientSecret = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'NinjaOne' and RowKey eq 'NinjaOne'").APIKey
-        } else {
-            $null = Connect-AzAccount -Identity
-            $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
-            $ClientSecret = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'NinjaOne' -AsPlainText)
-        }
-    } else {
-        $ClientSecret = $ENV:NinjaClientSecret
-    }
+    $ClientSecret = Get-ExtensionAPIKey -Extension 'NinjaOne'
 
     $body = @{
         grant_type    = 'client_credentials'

Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1

@@ -18,14 +18,8 @@ function Set-PwPushConfig {
         $InitParams.BaseUrl = $Configuration.BaseUrl
     }
     if (![string]::IsNullOrEmpty($Configuration.EmailAddress)) {
-        if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
-            $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
-            $ApiKey = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'PWPush' and RowKey eq 'PWPush'").APIKey
-        } else {
-            $null = Connect-AzAccount -Identity
-            $VaultName = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
-            $ApiKey = Get-AzKeyVaultSecret -VaultName $VaultName -Name 'PWPush' -AsPlainText
-        }
+        $ApiKey = Get-ExtensionAPIKey -Extension 'PWPush'
+
         if (![string]::IsNullOrEmpty($ApiKey)) {
             $InitParams.APIKey = $ApiKey
             $InitParams.EmailAddress = $Configuration.EmailAddress

Modules/CippExtensions/Public/Sherweb/Get-SherwebAuthentication.ps1

@@ -1,15 +1,8 @@
 function Get-SherwebAuthentication {
     $Table = Get-CIPPTable -TableName Extensionsconfig
     $Config = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).Sherweb
+    $APIKey = Get-ExtensionAPIKey -Extension 'Sherweb'
 
-    if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
-        $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
-        $APIKey = (Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Sherweb' and RowKey eq 'Sherweb'").APIKey
-    } else {
-        $keyvaultname = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0]
-        $null = Connect-AzAccount -Identity
-        $APIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'sherweb' -AsPlainText)
-    }
     $AuthBody = @{
         client_id     = $Config.clientId
         client_secret = $APIKey