The SecretManagement and SecretStore release candidate (RC) modules are now available on the PowerShell Gallery.
The SecretManagement module helps users manage secrets by providing a common set of cmdlets to interface with secrets across vaults. This module supports an extensible model where local and remote vaults can be registered and unregistered for use in accessing and retrieving secrets. SecretStore is a cross-platform local extension vault for use with SecretManagement. We designed this vault as a best attempt at creating a vault that is available where PowerShell is, usable in popular PowerShell scenarios (like automation and remoting) and utilizes common security practices.
For more information on these modules check out these previous blog posts:
- SecretManagement preview 3/SecretStore preview 1
- SecretManagement preview 4/SecretStore preview 2
- SecretManagement preview 5/SecretStore preview 3
- SecretManagement preview 6/SecretStore preview 4
Before installing these modules, please uninstall the current preview versions of the modules and restart your PowerShell session.
To install these updates run the following commands:
```powershell
Uninstall-Module Microsoft.PowerShell.SecretManagement -Force
Uninstall-Module Microsoft.PowerShell.SecretStore -Force
# Restart your PowerShell session
Install-Module -Name Microsoft.PowerShell.SecretManagement -Repository PSGallery
Install-Module -Name Microsoft.PowerShell.SecretStore -Repository PSGallery
Register-SecretVault -Name SecretStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault -AllowClobber
```
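Once the vault is registered with the commands above, a first session with the common cmdlets can look like the following. This is an added example, not code from the original post; the secret name `ApiServiceAccount` and the user name `svc-api` are constructed placeholders.

```powershell
# Added example: the secret name and user name are constructed placeholders.
$vaultName  = 'SecretStore'        # vault name from the Register-SecretVault call above
$secretName = 'ApiServiceAccount'  # hypothetical secret name

# Fail early if the vault was never registered in this user context.
if (-not (Get-SecretVault -Name $vaultName -ErrorAction SilentlyContinue)) {
    throw "Vault '$vaultName' is not registered; run Register-SecretVault first."
}

# Set-SecretVaultDefault is the RC name of the former Set-DefaultVault cmdlet.
Set-SecretVaultDefault -Name $vaultName

# Prompt for the credential so the password never appears in the script,
# the command line, or the PSReadLine history file.
$credential = Get-Credential -UserName 'svc-api' -Message 'Password to store'

# With its default configuration SecretStore prompts for the store password
# on first use in a session before it writes or reads anything.
Set-Secret -Name $secretName -Secret $credential -Vault $vaultName

# Get-SecretInfo lists metadata only; it does not return secret values.
Get-SecretInfo -Vault $vaultName | Format-Table Name, Type, VaultName

# A stored PSCredential comes back as a PSCredential whose password is still
# a SecureString. -AsPlainText is deliberately not used here.
$retrieved = Get-Secret -Name $secretName -Vault $vaultName
if ($retrieved -isnot [pscredential]) {
    throw "Expected a PSCredential for '$secretName', got $($retrieved.GetType().Name)."
}
"Retrieved credential for user: $($retrieved.UserName)"

# Remove the test secret so nothing is left behind in the vault.
Remove-Secret -Name $secretName -Vault $vaultName
```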
SecretManagement Updates
- Register-SecretVault no longer emits an error when strict language mode is set
- Set-DefaultVault cmdlet has been renamed to Set-SecretVaultDefault
General Availability (GA)
This is a “go live” release, which means that we feel that this RC is feature complete and of GA quality. If no bugs are identified through this release, we will increment the versioning and declare the modules as GA in early February. If any high-risk bugs are identified we will continue to release RCs until the quality bar is met for a GA release.
The Extension Vault Ecosystem
To find other SecretManagement extension vault modules, search the PowerShell Gallery for the “SecretManagement” tag. Some community vault extensions that are available:
Thank you to everyone who has created vaults thus far!
Feedback and Support
Community feedback has been essential to the iterative development of these modules. Thank you to everyone who has contributed issues and feedback thus far! To file issues or get support for the SecretManagement interface or vault development experience, please use the SecretManagement repository. For issues that pertain specifically to the SecretStore and its cmdlet interface, please use the SecretStore repository.
Sydney Smith
PowerShell Team
Hello PowerShell community!
I have blogged extensively about the SecretsManagement module. You can find my resources in multiple places:
– blog writeup
– Online demo
Also my usergroup has covered this topic as well on more than one occasion.
Also, I have articles being published soon on the various extensions:
http://www.commandline.ninja
Is the secretstore file ‘portable’? So I can set it up once on one machine and then simply ‘copy’ the secretstore file to another machine, maybe it needs re-registering at that point?
The local nature of the secretstore is great but NOT if I have to set up the secrets on tens (or hundreds) of machines …
And once it does this, the next natural question is can I have multiple local secret stores registered? ( which will presumably mean we’ll have to have a way to specify the local store file name to be used? )
The SecretStore is not portable because it was designed to be on the local machine.
However, I think you are thinking about this problem the wrong way. The SecretStore vault is one vault available for storing secrets. It's provided by Microsoft because you literally need to be able to store secrets somewhere. However, maybe the SecretStore module is not the right fit for you. There are currently 8 other vaults available that you can use. Many of those vaults are cloud / web based, which would solve your problem of carrying secrets to multiple machines.
You can find them by browsing the...
Are you allowed to create\register multiple vaults of type ‘SecretStore’, each storing a different set of secrets and each having a different configuration, i.e. one with a password requirement and one without? It seems Set-SecretStoreConfiguration operates on all SecretStore vaults created, with no way to configure them individually.