It is still an alpha version, but long awaited. Using credentials, keys and other secrets in scripts to do something on our behalf is difficult to implement and manage, and is also error-prone. Now Microsoft is working on a PowerShell module called Microsoft.PowerShell.SecretsManagement, which may change the landscape of secrets management completely.
As I think this is a really important module, I spent a few minutes and tested the functionality.
Installation
To install the module from the PowerShell Gallery into your user context type:
    Install-Module Microsoft.PowerShell.SecretsManagement -AllowPrerelease
This installs the module and provides the following commands.
    Get-Command -Module Microsoft.PowerShell.SecretsManagement | Select-Object Name

    Name
    ----
    Add-Secret
    Get-Secret
    Get-SecretInfo
    Get-SecretsVault
    Register-SecretsVault
    Remove-Secret
    Unregister-SecretsVault
Usage – Vaults and Secrets
This brings us to the main functionality: there are vaults, in which you store secrets, and there are secrets, which you store in vaults.
What vaults do we have?
    Get-SecretsVault

    Name              ModuleName ImplementingType
    ----              ---------- ----------------
    BuiltInLocalVault
As mentioned in the original blog, the module ships with a default vault, which is a CredMan (Windows Credential Manager) vault on the local machine.
Storing and using a Secret
Secrets may have multiple formats; the ones I mostly have to deal with are strings (API keys or GUIDs) or credentials. Now let's store a credential in the vault.
    Add-Secret -Name mycred -Secret (Get-Credential)

    PowerShell credential request
    Enter your credentials.
    User: roman
    Password for user roman: *********
Now let's store a GUID as a string-type secret.
    Add-Secret -Name MyGuid -Secret '20d23b5b-65a4-4c87-9865-c7c612967dcf'
What secrets do we have now?
    Get-SecretInfo

    Name   Vault             TypeName
    ----   -----             --------
    mycred BuiltInLocalVault PSCredential
    MyGuid BuiltInLocalVault String
To use the secret in a script, simply use the Get-Secret cmdlet.
    "This is the secrect we stored: " + (Get-Secret -Name MyGuid)
    This is the secrect we stored: System.Security.SecureString
Do they survive a new session? Yes! We exit the session, start a new one, and the secrets are still there.
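The Get-Secret output above shows System.Security.SecureString rather than the GUID, because the string secret came back as a SecureString. The following is an added example, not part of the original post, showing one way to consume both stored secrets in a script; it assumes the secrets mycred and MyGuid exist as stored above, and the helper names Get-VaultSecret and ConvertTo-PlainText are hypothetical.

```powershell
# Added example. Assumes the secrets 'MyGuid' (string) and 'mycred'
# (PSCredential) were stored with Add-Secret as shown above.
# Get-VaultSecret and ConvertTo-PlainText are hypothetical helper names.

function Get-VaultSecret {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [type]   $ExpectedType
    )
    # Fail loudly if the secret is missing instead of continuing with $null.
    $secret = Get-Secret -Name $Name -ErrorAction Stop
    if ($null -eq $secret) {
        throw "Secret '$Name' was not found in any registered vault."
    }
    # Guard against a secret of the wrong kind being stored under this name.
    if ($secret -isnot $ExpectedType) {
        throw "Secret '$Name' is a $($secret.GetType().Name), expected $($ExpectedType.Name)."
    }
    return $secret
}

function ConvertTo-PlainText {
    param([Parameter(Mandatory)] [securestring] $SecureString)
    # NetworkCredential exposes the decrypted value of a SecureString.
    return [System.Net.NetworkCredential]::new('', $SecureString).Password
}

# String secrets come back as SecureString, so string concatenation
# prints only the type name, as seen in the output above.
$guidSecure = Get-VaultSecret -Name MyGuid -ExpectedType ([securestring])
$cred       = Get-VaultSecret -Name mycred -ExpectedType ([pscredential])

# Decrypt only at the point of use; avoid writing the full value to logs.
$guid = ConvertTo-PlainText -SecureString $guidSecure
"GUID ends with: " + $guid.Substring($guid.Length - 4)

# A PSCredential can be handed directly to any cmdlet with a -Credential
# parameter, so its password never needs converting to plain text.
"Credential user name: " + $cred.UserName
```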
My summary is: I really love the module and the approach. This will solve a lot of issues in scripts today. Regards/Roman