Microsoft just released Version 1.0 of it’s Secrets Management, where you’re able to have a local Powershell Vault with Passwords.
In this little tutorial I show you, how to create and use the vault.
- Check if module is available
PS /Users/alex> Find-Module *secretmanagement*
Version Name Repository Description
------- ---- ---------- -----------
1.0.0 Microsoft.PowerShell.SecretManagem… PSGallery This module provides a conveni…
0.9.1.2 SecretManagement.KeePass PSGallery A cross-platform Keepass Secre…
1.0.0 SecretManagement.JustinGrote.CredM… PSGallery This PowerShell module is an e…
0.2.1 SecretManagement.LastPass PSGallery SecretManagement extension for…
0.1.1 SecretManagement.BitWarden PSGallery SecretManagement extension for…
0.0.4.6 SecretManagement.1Password PSGallery SecretManagement extension for…
0.1.3 SecretManagement.KeyChain PSGallery SecretManagement extension vau…
0.0.9.1 SecretManagement.Chromium PSGallery A cross-platform Chromium (Edg…
0.2.351 SecretManagement.PleasantPasswordS… PSGallery A cross-platform Pleasent Pass…
1.0.2 SecretManagement.Keybase PSGallery Keybase Secret Management Exte…
0.2 SecretManagement.CyberArk PSGallery SecretManagement extension for…
2.1.0 SecretManagementArgumentCompleter PSGallery Argument completer for Microso…As you can see, we could even bind local Password Stores like KeePass or Bitwarden to the SecretsManagement of Powershell
- Install the Module + Install the Powershell Secret Store
PS /Users/alex> Install-Module Microsoft.PowerShell.SecretManagement
PS /Users/alex> Install-Module Microsoft.Powershell.SecretStore- Let’s have a check if the Module is correctly installed and we already can see some Powershell command we could use
PS /Users/alex> Get-Secret
Get-Secret. Get-SecretStoreConfiguration
Get-SecretInfo Get-SecretVault
PS /Users/alex> Set-Secret
Set-Secret Set-SecretStoreConfiguration Set-SecretVaultDefault
Set-SecretInfo Set-SecretStorePassword Set-SecurityPolicy- Let’s register our first Vault
PS /Users/alex> Register-SecretVault -Name macOSpwshStore -ModuleName Microsoft.PowerShell.SecretStore- Now let see what is in our Vault -> we get prompted to enter a password
PS /Users/alex> Get-SecretStoreConfiguration
Creating a new Microsoft.PowerShell.SecretStore vault. A password is required by the current store configuration.
Enter password:
********************************
Enter password again for verification:
********************************
Scope Authentication PasswordTimeout Interaction
----- -------------- --------------- -----------
CurrentUser Password 900 Prompt- All right, now our Vault is Password saved, let’s create our first secret
# have a variable with a password first
PS /Users/alex> $sstring = Read-Host "Enter Password" -AsSecureString
Enter Password: ********
# create the secret
PS /Users/alex> Set-Secret -Name alextest -Vault macOSpwshStore -SecureStringSecret $sstring- Querying the vault shows now our password
PS /Users/alex> Get-SecretInfo
Name Type VaultName
---- ---- ---------
alextest SecureString macOSpwshStore- Of course we are now able to use the password as a variable
PS /Users/alex> $alexpwd = Get-Secret -Name alextest -Vault macOSpwshStore
PS /Users/alex> $alexpwd
System.Security.SecureString