Storing Passwords in PowerShell with Secret Management


Daily PowerShell #43

Daily PowerShell Modules

November 28, 2021


In this post, we’ll learn how to use the Microsoft Secret Management module to store passwords.

Installation

You will first need to install the Microsoft.PowerShell.SecretManagement module along with at least one vault to get started. The secret management module provides a Register-SecretVault cmdlet for setting up a vault to store your secrets.

Install-Module Microsoft.PowerShell.SecretManagement

Store Passwords in SecretStore

The SecretStore vault is a cross-platform vault that locally stores secrets in a file secured by a password. This master password is required to unlock the vault to set and get secrets.

Configure the Vault

# Configure Secret Vault
Install-Module Microsoft.PowerShell.SecretStore
Register-SecretVault -Name 'SecretStore' -ModuleName 'Microsoft.PowerShell.SecretStore'
Set-SecretStorePassword -NewPassword (ConvertTo-SecureString Password -AsPlainText -Force)

Use the Vault

Unlock-SecretStore -Password (ConvertTo-SecureString Password -AsPlainText -Force)
Set-Secret -Name 'MyCredential' -Secret (Get-Credential) -Vault 'SecretStore'
Get-Secret -Name 'MyCredential'
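
The snippets above pass the vault password as a plaintext literal, which leaves it in the script. The following added example (not part of the original article) prompts for the password once, configures the store for unattended use, and unlocks it from a per-user file; the file path is an assumption, and the vault and secret names are the ones used above.

```powershell
# Added example. Assumptions: the 'SecretStore' vault and 'MyCredential' secret
# from the steps above exist; the file path below is hypothetical.
$passwordFile = Join-Path $HOME 'secretstore-password.xml'

# --- One-time interactive setup -------------------------------------------
# Prompt for the vault password so it never appears as a literal in a script.
$vaultPassword = Read-Host -Prompt 'SecretStore password' -AsSecureString

# Require the password, relock after 15 minutes, and never prompt: a locked
# vault then raises an error in a scheduled job instead of waiting for input.
Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password `
    -PasswordTimeout 900 -Interaction None -Password $vaultPassword -Confirm:$false

# On Windows, Export-Clixml encrypts a SecureString with DPAPI for the current
# user on this machine. On Linux and macOS it is only obfuscated, so restrict
# the file with filesystem permissions there.
$vaultPassword | Export-Clixml -Path $passwordFile

# --- Unattended use (same user account) -----------------------------------
Unlock-SecretStore -Password (Import-Clixml -Path $passwordFile)

# Get-Secret returns a PSCredential here; pass it to cmdlets that accept
# -Credential rather than extracting the plaintext password.
$credential = Get-Secret -Name 'MyCredential' -Vault 'SecretStore' -ErrorAction Stop
Write-Output "Retrieved credential for user: $($credential.UserName)"

# Review what the vault holds without reading any secret values.
Get-SecretInfo -Vault 'SecretStore' | Select-Object Name, Type, VaultName
```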

Store Passwords in Azure Key Vault

The Azure Key Vault extension vault integrates the secret management module with Azure Key Vault.

Configure the Vault

You will need to connect to your Azure account and then use the subscription ID and vault name as parameters when registering your Azure Key Vault.

Connect-AzAccount

$SubId = 'efb2e5dd-bff9-4b28-864a-7de5f7a65ace'
$VaultName = 'credentialVault'

Install-Module Az.KeyVault
Register-SecretVault -ModuleName Az.KeyVault -Name AzKV -VaultParameters @{
    AZKVaultName   = $VaultName
    SubscriptionId = $SubId
} -AllowClobber

Use the Vault

You can use the vault just by specifying the name.

Set-Secret -Name 'MyCredential' -Secret (Get-Credential) -Vault 'AzKV'
Get-Secret -Name 'MyCredential' -Vault 'AzKV'

Store Passwords in Windows Credential Manager

The Credential Manager vault stores passwords in Windows Credential Manager and only works on Windows.

Configure the Vault

Install-Module SecretManagement.JustinGrote.CredMan

Register-SecretVault -Name 'CredMan' -ModuleName 'SecretManagement.JustinGrote.CredMan'

Use the Vault

This vault stores the credentials in the current user’s scope and can be accessed by vault name.

Set-Secret -Name 'MyCredential' -Secret (Get-Credential) -Vault 'CredMan'
Get-Secret -Name 'MyCredential' -Vault 'CredMan'

Access Passwords in Chromium

The SecretManagement.Chromium vault can access credentials stored in Chrome and Edge.

Configure the Vault

Using the Register-ChromiumSecretVault cmdlet, the module will locate and create vaults for each browser and profile.

Install-Module SecretManagement.Chromium
Register-ChromiumSecretVault -Verbose

Use the Vault

Once configured, you can use the vaults by name. The Chromium vault is read-only.

Get-SecretVault
Get-SecretInfo -Vault 'Edge'