Secret Store Automation
In the last article, I introduced you to the secrets management tools from Microsoft. This toolset provides a secure way to store information like credentials, tokens, and keys. The idea is that you can retrieve these items as you need them for your PowerShell work. I know people do it, but we never want to store secret or sensitive information in script files. Instead, let me demonstrate some ways that you can incorporate a secrets vault into your work. I also want to show you how to extend secrets management to other password tools.
If you want to follow along, I’m going to assume you have set up the Microsoft secret store and added a few secrets.
PS C:\> Get-SecretVault -Name stash

Name  ModuleName                       IsDefaultVault
----  ----------                       --------------
Stash microsoft.powershell.secretstore True

PS C:\> Get-SecretInfo admin

Name  Type         VaultName
----  ----         ---------
admin PSCredential Stash
My default vault is still unlocked, so I’m not prompted for a password. In a new PowerShell session, I have to unlock the vault.
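As an added example (not code from the original article), here is one way to handle that unlock step in a fresh session before retrieving the admin credential from the Stash vault. The function name Get-VaultCredential and its -PasswordPath parameter are assumptions for illustration; the cmdlets it calls come from the SecretManagement and SecretStore modules.

```powershell
#requires -Modules Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore

# Hypothetical helper: unlock the secret store, then return a stored PSCredential.
function Get-VaultCredential {
    [CmdletBinding()]
    [OutputType([pscredential])]
    param(
        [Parameter(Mandatory)]
        [string]$Name,

        [string]$Vault = 'Stash',

        # Assumption: optional file holding the vault password as a SecureString,
        # created once with: Read-Host -AsSecureString | Export-Clixml <path>
        # On Windows that file is DPAPI-protected (same user, same computer only).
        [string]$PasswordPath
    )

    # Fail early if the vault is not registered for the current user.
    $null = Get-SecretVault -Name $Vault -ErrorAction Stop

    # Obtain the vault password as a SecureString, never as plain text in the script.
    if ($PasswordPath) {
        $vaultPassword = Import-Clixml -Path $PasswordPath
    }
    else {
        $vaultPassword = Read-Host -Prompt "Password for vault $Vault" -AsSecureString
    }

    # Unlock the current user's secret store for this session.
    Unlock-SecretStore -Password $vaultPassword

    # Check the metadata first so a missing or wrong-typed secret fails clearly.
    $info = Get-SecretInfo -Name $Name -Vault $Vault
    if (-not $info) {
        throw "No secret named '$Name' was found in vault '$Vault'."
    }
    if ($info.Type -ne 'PSCredential') {
        throw "Secret '$Name' is a $($info.Type), not a PSCredential."
    }

    Get-Secret -Name $Name -Vault $Vault
}

# Usage in a new session: prompts once for the vault password.
$cred = Get-VaultCredential -Name admin
```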