SecretStore Release Candidate 3
The SecretStore release candidate 3 (RC3) module is now available on the PowerShell Gallery. This contains an exciting new feature which allows users to non-interactively create, and configure a SecretStore. This feature was added to support CI systems and other automated scenarios.
SecretStore is an extension vault module, for PowerShell SecretManagement, which works over all supported PowerShell platforms on Windows, Linux, and macOS. For more context on this module and the SecretManagement module refer to the previous blog posts:
For more context on these modules check out these previous blog posts:
- SecretManagement preview 3/SecretStore preview 1
- SecretManagement preview 4/SecretStore preview 2
- SecretManagement preview 5/SecretStore preview 3
- SecretManagement preview 6/SecretStore preview 4
- SecretManagement/SecretStore RC
- SecretManagement/SecretStore RC 2
Before installing this module, please uninstall the current preview versions of the module and restart your PowerShell session.
To install these updates run the following commands:
Uninstall-Module Microsoft.PowerShell.SecretStore -Force # Restart your PowerShell session Install-Module -Name Microsoft.PowerShell.SecretStore -Repository PSGallery Register-SecretVault -Name SecretStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault -AllowClobber
Previously, Set-SecretStoreConfiguration required manual password confirmation to make changes to SecretStore configuration. This update adds a -Password parameter to Set-SecretStoreConfiguration to endable automated creation and configuration of a SecretVault.
-Forceparameter was removed from the
Set-SecretStoreConfigurationcommand, and instead the
-Confirm:$falseshould be used to suppress PowerShell confirmation prompting in automation scripts.
Set-SecretStoreConfigurationcommand now takes a
-Passwordparameter so that there is no need to prompt for a password
How to non-interactively create and configure a SecretStore
This is an example of automation script that installs and configures the Microsoft.PowerShell.SecretStore module without user prompting. The configuration requires a password and sets user interaction to None, so that SecretStore will never prompt the user. The configuration also requires a password, and the password is passed in as a SecureString object. The
-Confirm:false parameter is used so that PowerShell will not prompt for confirmation.
The SecretStore password must be provided in a secure fashion. Here the password is being imported from an encrypted file using Windows Data Protection API, but this is a Windows only solution. Another option is to use a CI system mechanism such as secure variables.
Next, the SecretManagement module is installed and the SecretStore module registered so that the SecretStore secrets can be managed.
The Unlock-SecretStore cmdlet is used to unlock the SecretStore for this session. The password timeout was configured for 1 hour and SecretStore will remain unlocked in the session for that amount of time, after which it will need to be unlocked again before secrets can be accessed.
Install-Module -Name Microsoft.PowerShell.SecretStore -Repository PSGallery -Force $password = Import-CliXml -Path $securePasswordPath Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password -PasswordTimeout 3600 -Interaction None -Password $password -Confirm:$false Install-Module -Name Microsoft.PowerShell.SecretManagement -Repository PSGallery -Force Register-SecretVault -Name SecretStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault Unlock-SecretStore -Password $password
General Availability (GA)
This is a “go live” release, which means that we feel that this RC is feature complete and supported in production.
If no bugs are identified through this release, we will increment the versioning and declare the module as GA in late March. If any high-risk bugs are identified we will continue to release RCs until the quality bar is met for a GA release.
Feedback and Support
Community feedback has been essential to the iterative development of these modules. Thank you to everyone who has contributed issues, and feedback thus far! To file issues or get support for the SecretManagement interface or vault development experience please use the SecretManagement repository. For issues which pertain specifically to the SecretStore and its cmdlet interface please use the SecretStore repository.