Microsoft just released Version 1.0 of it’s Secrets Management, where you’re able to have a local Powershell Vault with Passwords.
In this little tutorial I show you, how to create and use the vault.

  • Check if module is available
PS /Users/alex> Find-Module *secretmanagement*

Version              Name                                Repository           Description
-------              ----                                ----------           -----------
1.0.0                Microsoft.PowerShell.SecretManagem… PSGallery            This module provides a conveni…
0.9.1.2              SecretManagement.KeePass            PSGallery            A cross-platform Keepass Secre…
1.0.0                SecretManagement.JustinGrote.CredM… PSGallery            This PowerShell module is an e…
0.2.1                SecretManagement.LastPass           PSGallery            SecretManagement extension for…
0.1.1                SecretManagement.BitWarden          PSGallery            SecretManagement extension for…
0.0.4.6              SecretManagement.1Password          PSGallery            SecretManagement extension for…
0.1.3                SecretManagement.KeyChain           PSGallery            SecretManagement extension vau…
0.0.9.1              SecretManagement.Chromium           PSGallery            A cross-platform Chromium (Edg…
0.2.351              SecretManagement.PleasantPasswordS… PSGallery            A cross-platform Pleasent Pass…
1.0.2                SecretManagement.Keybase            PSGallery            Keybase Secret Management Exte…
0.2                  SecretManagement.CyberArk           PSGallery            SecretManagement extension for…
2.1.0                SecretManagementArgumentCompleter   PSGallery            Argument completer for Microso…

As you can see, we could even bind local Password Stores like KeePass or Bitwarden to the SecretsManagement of Powershell

  • Install the Module + Install the Powershell Secret Store
PS /Users/alex> Install-Module Microsoft.PowerShell.SecretManagement

PS /Users/alex> Install-Module Microsoft.Powershell.SecretStore
  • Let’s have a check if the Module is correctly installed and we already can see some Powershell command we could use
PS /Users/alex> Get-Secret                                                                                 
Get-Secret.                   Get-SecretStoreConfiguration  
Get-SecretInfo                Get-SecretVault

PS /Users/alex> Set-Secret
Set-Secret                    Set-SecretStoreConfiguration  Set-SecretVaultDefault
Set-SecretInfo                Set-SecretStorePassword       Set-SecurityPolicy
  • Let’s register our first Vault
PS /Users/alex> Register-SecretVault -Name macOSpwshStore -ModuleName Microsoft.PowerShell.SecretStore
  • Now let see what is in our Vault -> we get prompted to enter a password
PS /Users/alex> Get-SecretStoreConfiguration
Creating a new Microsoft.PowerShell.SecretStore vault. A password is required by the current store configuration.
Enter password:
********************************
Enter password again for verification:
********************************

      Scope Authentication PasswordTimeout Interaction
      ----- -------------- --------------- -----------
CurrentUser       Password             900      Prompt
  • All right, now our Vault is Password saved, let’s create our first secret
# have a variable with a password first
PS /Users/alex> $sstring = Read-Host "Enter Password" -AsSecureString
Enter Password: ********

# create the secret
PS /Users/alex> Set-Secret -Name alextest -Vault macOSpwshStore -SecureStringSecret $sstring
  • Querying the vault shows now our password
PS /Users/alex> Get-SecretInfo

Name     Type         VaultName
----     ----         ---------
alextest SecureString macOSpwshStore
  • Of course we are now able to use the password as a variable
PS /Users/alex> $alexpwd = Get-Secret -Name alextest -Vault macOSpwshStore
PS /Users/alex> $alexpwd
System.Security.SecureString
Leave a Reply

Your email address will not be published.