Everyone loves a good secret and anything to make it easier to store that secret and keep it from prying eyes is worth looking at. With that in mind, I was immediately interested when I read about the release of the new PowerShell Secrets Management Module.
Note that the current module uses the built-in Credentials Manager, which apparently can be exploited. Nonetheless, I have found it useful and easy to use and there is the promise to use extensions, including Azure and other “vaults” in the future.
So, how do you get this to work?
First install the module from https://www.powershellgallery.com/packages/Microsoft.PowerShell.SecretsManagement/0.2.0-alpha1
Install-Module -Name Microsoft.PowerShell.SecretsManagement -AllowPrerelease
If you find it’s not installing or loading correctly, be sure to update the local PowerShellGet module. I found that I also needed to install the latest .Net version. After that, things worked as expected.
Now add the password/secret to the Credentials Manager on the local machine via the new module. Remember you are adding this in the context of the current user, so only the logged in user will have access to it.
Add-Secret -Name Test -Secret Secret
In the example above the secret is….well, Secret and the name is Test. Clever, right?
You can view it a number of ways:
Get-Secret -Name Test
Get-Secret -Name Test -AsPlainText
Name ModuleName ImplementingType
—- ———- —————-
From the Credentials Manager on that machine, you can see it as well:
Let’s assume you have a script that needs a name and password to authenticate to the local domain. You could pass that new secret easily in this really basic example. (Again, running in the context of the user account on the local machine where you created the secret)
$User = “domain\User1”
$Pwd = (Get-Secret Test)
$UserCredential = New-Object System.Management.Automation.PSCredential ($User, $Pwd)
Get-ADUser -Identity <user> -Credential $UserCredential
Pretty nifty, right? All I had to do was grab the password on the fly from the vault using Get-Secret.
Anyway, that’s it. Not much to get it to work, but lots of potential. I am looking forward to using this module as it matures.