{"id":18899,"date":"2021-03-03T10:55:58","date_gmt":"2021-03-03T18:55:58","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/powershell\/?p=18899"},"modified":"2022-04-06T09:53:36","modified_gmt":"2022-04-06T17:53:36","slug":"secretmanagement-and-secretstore-release-candidate-2","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/powershell\/secretmanagement-and-secretstore-release-candidate-2\/","title":{"rendered":"SecretManagement and SecretStore Release Candidate 2"},"content":{"rendered":"<p class=\"rich-diff-level-zero\">The\u00a0<a class=\"rich-diff-level-one\" href=\"https:\/\/www.powershellgallery.com\/packages\/Microsoft.PowerShell.SecretManagement\" rel=\"nofollow\">SecretManagement<\/a>\u00a0and\u00a0<a class=\"rich-diff-level-one\" href=\"https:\/\/www.powershellgallery.com\/packages\/Microsoft.PowerShell.SecretStore\" rel=\"nofollow\">SecretStore<\/a>\u00a0release candidate 2 (RC2) modules are now available on the PowerShell Gallery. These releases contain an exciting new feature which allows users to provide non-sensitive metadata for secrets (note: this feature may not be available for all extension vaults).<\/p>\n<p>For more context on these modules check out these previous blog posts:<\/p>\n<ul class=\"added rich-diff-level-zero\">\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/secretmanagement-preview-3\/\" rel=\"nofollow\">SecretManagement preview 3\/SecretStore preview 1<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/secretmanagement-and-secretstore-updates\" rel=\"nofollow\">SecretManagement preview 4\/SecretStore preview 2<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/secretmanagement-and-secretstore-updates-2\/\" rel=\"nofollow\">SecretManagement preview 5\/SecretStore preview 3<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a 
href=\"https:\/\/devblogs.microsoft.com\/powershell\/secretmanagement-preview-6-and-secretstore-preview-4\/\" rel=\"nofollow\">SecretManagement preview 6\/SecretStore preview 4<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/devblogs.microsoft.com\/powershell\/secretmanagement-and-secretstore-release-candidates\/\" rel=\"nofollow\">SecretManagement\/SecretStore RC<\/a><\/li>\n<\/ul>\n<p class=\"rich-diff-level-zero\">Before installing this module, please uninstall the current preview versions of the module and restart your PowerShell session.<\/p>\n<p>To install these updates run the following commands:<\/p>\n<pre>Uninstall-Module Microsoft.PowerShell.SecretManagement -Force\r\nUninstall-Module Microsoft.PowerShell.SecretStore -Force\r\n# Restart your PowerShell session\r\nInstall-Module -Name Microsoft.PowerShell.SecretStore -Repository PSGallery\r\nRegister-SecretVault -Name SecretStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault -AllowClobber<\/pre>\n<h2>SecretManagement Updates<\/h2>\n<p>In addition to bug fixes, this release adds support for secret metadata. Users can now optionally provide non-sensitive metadata for their secrets. Secret metadata was a highly requested feature because as users store more secrets in SecretManagement, they may want to know what the secrets are intended for (for example, a particular subscription, or scenario). As users manage their secrets they may also want to add metadata around secret creation date, expiration time, or other information to manage the secret lifecycle. 
Metadata is optional for secret vaults to support so it may not be available for all vault extensions.<\/p>\n<h3>Fixes<\/h3>\n<ul class=\"added rich-diff-level-zero\">\n<li class=\"rich-diff-level-one\"><code>Get-Secret<\/code>\u00a0and\u00a0<code>Remove-Secret<\/code>\u00a0cmdlets now honor the\u00a0<code>VaultName<\/code>\u00a0parameter from a piped in\u00a0<code>SecretInformation<\/code>\u00a0object<\/li>\n<li class=\"rich-diff-level-one\">Secret name and vault name autocompletion now correctly handles names with spaces<\/li>\n<\/ul>\n<h3 class=\"rich-diff-level-zero\">Changes<\/h3>\n<p>A warning is now displayed when secret cmdlets are used and no vaults are currently registered. For example, if\u00a0Get-SecretInfo\u00a0is run without any vaults registered the following warning is emitted:<\/p>\n<pre>WARNING:\r\n        There are currently no extension vaults registered.\r\n        At least one vault must be registered before SecretManagement can add or retrieve secrets.\r\n        You can download SecretManagement extension vault modules from PowerShellGallery.\r\n        https:\/\/aka.ms\/SecretManagementVaults<\/pre>\n<h3>New Features<\/h3>\n<ul class=\"added rich-diff-level-zero\">\n<li class=\"rich-diff-level-one\"><code>SecretInformation<\/code>\u00a0class now has a new\u00a0<code>Metadata<\/code>\u00a0property for the new secret metadata support<\/li>\n<li class=\"rich-diff-level-one\"><code>Set-Secret<\/code>\u00a0cmdlet now has a new optional\u00a0<code>-Metadata<\/code>\u00a0property to include additional non-sensitive data associated with a secret. Note that not all vaults will support metadata, if the\u00a0<code>-Metadata<\/code>\u00a0parameter is used with a vault that does not support metadata the following error is emitted:<\/li>\n<\/ul>\n<pre class=\"rich-diff-level-zero\"><code class=\"rich-diff-level-one\">Cannot set secret metadata. 
Vault [Vault Name] does not support secret metadata.\r\n<\/code><\/pre>\n<ul class=\"added rich-diff-level-zero\">\n<li class=\"rich-diff-level-one\">New\u00a0<code>Set-SecretInfo<\/code>\u00a0cmdlet that takes a\u00a0<code>-Metadata<\/code>\u00a0property which sets additional non-sensitive data to a secret<\/li>\n<\/ul>\n<h2 class=\"rich-diff-level-zero\">SecretStore Updates<\/h2>\n<p>This release adds support for secret metadata.<\/p>\n<h2>How to use metadata with the SecretStore<\/h2>\n<p class=\"rich-diff-level-zero\">To create a new secret with metadata you can run:<\/p>\n<p class=\"rich-diff-level-zero\"><code class=\"rich-diff-level-one\">Set-Secret -Name foo -Secret fooSecret -Metadata @{purpose = \"example\"}<\/code><\/p>\n<p>To view secret metadata you can then run the command<\/p>\n<pre class=\"prettyprint\">Get-SecretInfo | select name, metadata<\/pre>\n<p>You can also set metadata for an existing secret using the\u00a0<code class=\"rich-diff-level-one\">Set-SecretInfo<\/code>\u00a0cmdlet:<\/p>\n<p class=\"rich-diff-level-zero\"><code class=\"rich-diff-level-one\">Set-SecretInfo bar -Metadata @{purpose = \"showing the new cmdlet\"}<\/code><\/p>\n<p>Since SecretMetadata is for non-sensitive data, if you need to store sensitive metadata you may want to consider storing it as a hashtable in the vault itself. 
For example, if I consider the username, or subscriptionID to be sensitive for particular secrets for resource1 and resource2, I may want to create a secret like:<\/p>\n<p class=\"rich-diff-level-zero\"><code class=\"rich-diff-level-one\">Set-Secret -name secretMetadata -Secret @{ resource1 = \"username1, subID1\"; resource2 = \"username, subID2\"}<\/code><\/p>\n<h2>General Availability (GA)<\/h2>\n<p>This is a &#8220;go live&#8221; release, which means that we feel that this RC is feature complete and supported in production.<\/p>\n<p>If no bugs are identified through this release, we will increment the versioning and declare the modules as GA in early April. If any high-risk bugs are identified we will continue to release RCs until the quality bar is met for a GA release.<\/p>\n<h2>The Extension Vault Ecosystem<\/h2>\n<p>To find other SecretManagement extension vault modules, search the PowerShell Gallery for the &#8220;SecretManagement&#8221; tag. Some community vault extensions that are available:<\/p>\n<ul class=\"added rich-diff-level-zero\">\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.powershellgallery.com\/packages\/SecretManagement.KeePass\" rel=\"nofollow\">KeePass<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.powershellgallery.com\/packages\/SecretManagement.LastPass\" rel=\"nofollow\">LastPass<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.powershellgallery.com\/packages\/SecretManagement.Hashicorp.Vault.KV\" rel=\"nofollow\">Hashicorp Vault<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.powershellgallery.com\/packages\/SecretManagement.KeyChain\" rel=\"nofollow\">KeyChain<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.powershellgallery.com\/packages\/SecretManagement.JustinGrote.CredMan\" rel=\"nofollow\">CredMan<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.powershellgallery.com\/packages\/Az.KeyVault\" 
rel=\"nofollow\">Azure KeyVault<\/a><\/li>\n<\/ul>\n<p class=\"rich-diff-level-zero\">Thank you to everyone who has created vaults thus far!<\/p>\n<h2 class=\"rich-diff-level-zero\">Community blogs<\/h2>\n<p>There are also a number of community blogs and resources on this topic. Some of these include:<\/p>\n<ul class=\"added rich-diff-level-zero\">\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.powershell.co.at\/powershell-secrets-management-part-1-introduction\/\" rel=\"nofollow\">SecretManagement Part 1 Introduction<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.powershell.co.at\/powershell-secrets-management-part-2-installation-and-first-steps\/\" rel=\"nofollow\">SecretManagement Part 2 Installation and first steps<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.youtube.com\/watch?v=5Za02Y8jCBw\" rel=\"nofollow\">PowerShell: Microsoft&#8217;s SecretManagement Module<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/www.youtube.com\/watch?v=a0z516tley8\" rel=\"nofollow\">Module Monday &#8211; Secret Management<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/connorcarnes.com\/posts\/pwshsecrets\/\" rel=\"nofollow\">PWSHsecrets<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/4sysops.com\/archives\/secretsmanagement-module-for-powershell-save-passwords-in-powershell\/\" rel=\"nofollow\">SecretManagement module for PowerShell<\/a><\/li>\n<li class=\"rich-diff-level-one\"><a href=\"https:\/\/dev.to\/adbertram\/writing-an-extension-vault-for-powershell-secretmanagement-preview-4-19o6\" rel=\"nofollow\">Writing an Extension Vault for Powershell SecretManagement<\/a><\/li>\n<\/ul>\n<h2 class=\"rich-diff-level-zero\">Feedback and Support<\/h2>\n<p class=\"rich-diff-level-zero\">Community feedback has been essential to the iterative development of these modules. Thank you to everyone who has contributed issues, and feedback thus far! 
As we approach General Availability for these modules now is the time to test the modules against your scenarios to request changes (especially breaking ones) and discover bugs. To file issues or get support for the SecretManagement interface or vault development experience please use the\u00a0<a class=\"rich-diff-level-one\" href=\"https:\/\/github.com\/PowerShell\/SecretManagement\">SecretManagement repository<\/a>. For issues which pertain specifically to the SecretStore and its cmdlet interface please use the\u00a0<a class=\"rich-diff-level-one\" href=\"https:\/\/github.com\/PowerShell\/SecretStore\">SecretStore repository<\/a>.<\/p>\n<p class=\"rich-diff-level-zero\">Sydney Smith<\/p>\n<p class=\"rich-diff-level-zero\">PowerShell Team<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The\u00a0SecretManagement\u00a0and\u00a0SecretStore\u00a0release candidate 2 (RC2) modules are now available on the PowerShell Gallery. These releases contain an exciting new feature which allows users to provide non-sensitive metadata for secrets (note: this feature may not be available for all extension vaults). For more context on these modules check out these previous blog posts: SecretManagement preview 3\/SecretStore preview [&hellip;]<\/p>\n","protected":false},"author":2299,"featured_media":13641,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[3174,3181],"class_list":["post-18899","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powershell","tag-secretmanagement","tag-secretstore"],"acf":[],"blog_post_summary":"<p>The\u00a0SecretManagement\u00a0and\u00a0SecretStore\u00a0release candidate 2 (RC2) modules are now available on the PowerShell Gallery. 
These releases contain an exciting new feature which allows users to provide non-sensitive metadata for secrets (note: this feature may not be available for all extension vaults). For more context on these modules check out these previous blog posts: SecretManagement preview 3\/SecretStore preview [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/18899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/users\/2299"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/comments?post=18899"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/18899\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media\/13641"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media?parent=18899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/categories?post=18899"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/tags?post=18899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}