Can You Keep a Secret
In the last article, I introduced using CMS messages to protect sensitive information. This is a good technique for encrypting a block of text, but probably not practical to protect more than a few pieces of sensitive information. I assume you have a collection of secret information you use daily, from alternate credentials to API keys and access tokens. What you don’t want to do is store this information in plain-text files. You need a way to manage these secrets.
This article focuses on managing secrets locally. Cloud services like Azure or GitHub have their own tooling, which is outside the scope of this article.
Microsoft has a secrets management toolset for PowerShell. It is designed to make it easier and safer to manage local secrets and is extensible. The SecretManagement module provides an abstraction layer for managing secrets. You can use Microsoft’s SecretStore module as a secure repository. Later I’ll show you how to use other secure storage tools that integrate with Microsoft’s SecretManagement.
For now, let’s set up a secrets management infrastructure and try it out. Microsoft has built a flexible toolset. Once you understand how to set up a vault and use a command like Get-Secret, it doesn’t matter if the backend is Microsoft’s SecretStore or a third-party solution like KeePass or BitWarden. But I’m getting ahead of myself.
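To make the abstraction concrete before going further, here is the basic round trip as an added example (not code from the original article): register a SecretStore-backed vault, store a credential and an API key, and read them back with Get-Secret. It assumes PowerShell 7 with access to the PowerShell Gallery; the vault name, secret names and the `example.invalid` URL are constructed placeholders.

```powershell
# Install the abstraction layer and Microsoft's local vault backend.
Install-Module Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore -Scope CurrentUser

# Register a vault backed by SecretStore and make it the default.
# For a different backend (KeePass, Bitwarden, ...) only -ModuleName changes;
# Set-Secret / Get-Secret stay the same. 'LocalStore' is a placeholder name.
Register-SecretVault -Name LocalStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault

# Store a credential and an API key. The first Set-Secret prompts you to create
# the SecretStore password; values are encrypted at rest under your profile,
# so nothing lands in a plain-text file.
$cred = Get-Credential -UserName 'svc-deploy' -Message 'Service account password'
Set-Secret -Name DeployCred -Secret $cred -Vault LocalStore
Set-Secret -Name DemoApiKey -Secret (Read-Host -AsSecureString 'API key') -Vault LocalStore

# Inventory lists names and types, never the values.
Get-SecretInfo -Vault LocalStore

# Get-Secret returns a PSCredential for credential secrets, so it can be handed
# straight to a cmdlet without the password ever sitting in a plain string.
$deploy = Get-Secret -Name DeployCred
Invoke-RestMethod -Uri 'https://example.invalid/deploy' -Credential $deploy -Authentication Basic

# String secrets come back as SecureString; ask for plain text only at the
# moment a plain string is unavoidable, such as building a request header.
$headers = @{ 'x-api-key' = (Get-Secret -Name DemoApiKey -AsPlainText) }
Invoke-RestMethod -Uri 'https://example.invalid/status' -Headers $headers
```

Running `Get-SecretVault` afterwards confirms which vault is the default, which is what lets the same `Get-Secret` call work unchanged when the backend is swapped later.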