PSCredentialStore/src/Item/Find-CredentialStoreItem.ps1


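function Find-CredentialStoreItem {
    <#
    .SYNOPSIS
    Locates a CredentialStoreItem in any CredentialStore from a given remote host item.
    .DESCRIPTION
    Find the credential object and return it as PSCredential object.

    The stores selected by -Type are searched in a fixed order (Private first, then Shared) and the
    first item that can be read successfully is returned. If a store does not exist it is skipped with
    a warning. If an item exists but cannot be read, a warning is written and the next store is tried.
    When no item is found, nothing is written to the output stream.
    .PARAMETER RemoteHost
    Specify the host, for which you would like to find the credentials.
    .PARAMETER Identifier
    Provide a custom identifier to the given remote host key. This enables you to store multiple credentials
    for a single remote host entry. For example ad/sys1, ftp/sys1, sql/sys1
    .PARAMETER Type
    Influence in which types of CredentialStore this function will look for an object. List of possible types:
    - All (include private and shared CredentialStore) - this is also the default.
    - Private (only look in a private CredentialStore)
    - Shared (only look in the shared CredentialStore)
    .INPUTS
    [None]
    .OUTPUTS
    [System.Management.Automation.PSCredential]
    .EXAMPLE
    $Credential = Find-CredentialStoreItem -RemoteHost 'support.komm-one.net' -Type 'All'
    .EXAMPLE
    $params = @{
        RemoteHost = 'support.komm-one.net'
        Type       = 'Private'
        Identifier = 'PersonId'
    }
    $Credential = Find-CredentialStoreItem @params
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $RemoteHost,

        [Parameter(Mandatory = $false)]
        [string] $Identifier,

        [Parameter(Mandatory = $false)]
        [ValidateSet('All', 'Private', 'Shared')]
        [string] $Type = 'All'
    )

    begin {
        # Define some defaults for the PreferenceVariables.
        $ErrorActionPreference = 'Stop'
        $InformationPreference = 'Continue'
        $WarningPreference = 'Continue'
        $ProgressPreference = 'SilentlyContinue'

        # Initialise the result explicitly. PowerShell resolves an unassigned variable through the
        # parent scopes, so without this assignment a $CredentialObject that happens to exist in an
        # outer scope would be returned by the end block as if it had been read from a store.
        $CredentialObject = $null

        # Construct the CredentialStore list, based on what $Type says. The order of the list is the
        # lookup order: a match in the private store takes precedence over the shared store.
        switch ($Type) {
            'All' {
                $CredentialStoreList = @('Private', 'Shared')
            }
            'Private' {
                $CredentialStoreList = @('Private')
            }
            'Shared' {
                $CredentialStoreList = @('Shared')
            }
        }
    }

    process {
        # Now go and look for the CredentialStoreItem.
        foreach ($Store in $CredentialStoreList) {
            # First make sure that the CredentialStore exists. The private and shared checks are spelled
            # out separately on purpose: the original author notes that PowerShell behaves oddly when an
            # empty hashtable is splatted to a function.
            Write-Verbose -Message ('Checking if CredentialStore of type {0} exists' -f $Store)
            if ($Store -eq 'Private') {
                if (-not (Test-CredentialStore)) {
                    Write-Warning -Message ('CredentialStore of type {0} not found, skipping ahead' -f $Store)
                    continue
                }
            }
            elseif ($Store -eq 'Shared') {
                if (-not (Test-CredentialStore -Shared)) {
                    Write-Warning -Message ('CredentialStore of type {0} not found, skipping ahead' -f $Store)
                    continue
                }
            }
            else {
                # Not reachable through the ValidateSet on -Type; kept as a guard. With
                # $ErrorActionPreference = 'Stop' this Write-Error terminates the function.
                Write-Error -Message ('Invalid CredentialStore type {0} supplied' -f $Store)
                continue
            }

            # The CredentialStore exists. Build the arguments shared by the existence test and the read.
            $params = @{
                RemoteHost = $RemoteHost
            }
            # Only pass -Identifier on when the caller supplied a non-blank value.
            if (-not [string]::IsNullOrWhiteSpace($Identifier)) {
                $params.Add('Identifier', $Identifier)
            }
            # Select the shared store; the private store is addressed by omitting -Shared.
            if ($Store -eq 'Shared') {
                $params.Add('Shared', $true)
            }

            # The messages below name the host, identifier and store only.
            $argumentlist = @($RemoteHost, $Identifier, $Store)

            # Now check if the CredentialStoreItem exists
            $message = 'Checking if CredentialStoreItem {0}/{1} exists in CredentialStore {2}'
            Write-Verbose -Message ($message -f $argumentlist)
            if (Test-CredentialStoreItem @params) {
                $message = 'Looking up CredentialStoreItem {0}/{1} from CredentialStore {2}'
                Write-Verbose -Message ($message -f $argumentlist)
                try {
                    Write-Information -MessageData ($message -f $argumentlist)
                    # Read the CredentialStoreItem from the CredentialStore and store it in $CredentialObject
                    $CredentialObject = Get-CredentialStoreItem @params
                    # Now finish the loop, as we've found what we're looking for.
                    break
                }
                catch {
                    # A failed read is reported but not fatal: the loop moves on to the next store.
                    $_.Exception.Message | Write-Warning
                    $message = 'Unable to read CredentialStoreItem {0}/{1} from CredentialStore {2}'
                    Write-Warning -Message ($message -f $argumentlist)
                }
            }
        }
    }

    end {
        # Only if we've found a CredentialStoreItem above, return it back to the caller.
        if ($null -ne $CredentialObject) {
            $CredentialObject
        }
    }
}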