In my opinion, the whole point of Microsoft's initiative with secrets is to avoid having secrets stored in scripts. As long as they were stored on local hard drives, the problem was bad enough; now, with so many scripts publicly available on GitHub and other public repos, this should not happen.
So what we all want is a safe place for our secrets (credentials, API keys, passwords) and a way to run (unattended) scripts and use those secrets there.
Microsoft recently released RC3 of the SecretStore module which will most likely be the final release 1.0. I am using this version for this blog post.
Preparing for unattended use of secrets.
To use a secret in a script, you need to configure the SecretStore with Authentication "None". This means the only protection for the secret store is the user's credentials.
```powershell
Set-SecretStoreConfiguration -Authentication None -Confirm:$false
```
If you now retrieve a secret from the store, e.g. inside a script, there will be no further interaction and the secret is available at your command.
```powershell
# Read a secret
Get-Secret -Name myStringSecret
# Output will be:
# System.Security.SecureString

# To read a secret in plaintext use:
Get-Secret -Name myStringSecret -AsPlainText
```
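An unattended script built on the configuration above, as an added example that is not part of the original post: it checks that the store will not prompt, then wraps the `SecureString` from `Get-Secret` in a `PSCredential` instead of using `-AsPlainText`. The vault name `LocalStore`, the account `svc-report` and both function names are assumptions for illustration.

```powershell
# Added example, not from the original post. Assumed names: vault 'LocalStore',
# account 'svc-report'. 'myStringSecret' is the secret name used in the post.
#Requires -Modules Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore
$ErrorActionPreference = 'Stop'

function Initialize-UnattendedStore {
    # One-time, interactive setup under the account that will run the script.
    param([string]$VaultName = 'LocalStore')
    if (-not (Get-SecretVault -Name $VaultName -ErrorAction SilentlyContinue)) {
        Register-SecretVault -Name $VaultName -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
    }
    Set-SecretStoreConfiguration -Authentication None -Confirm:$false
    # Read-Host -AsSecureString keeps the value out of the script and the history.
    $value = Read-Host -AsSecureString -Prompt 'Secret value'
    Set-Secret -Name myStringSecret -Vault $VaultName -Secret $value
}

function Get-UnattendedCredential {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [string]$SecretName = 'myStringSecret',
        [string]$VaultName  = 'LocalStore'
    )
    # Fail fast instead of waiting on a password prompt inside a scheduled job.
    $config = Get-SecretStoreConfiguration
    if ($config.Authentication -ne 'None') {
        throw "SecretStore authentication is '$($config.Authentication)'; unattended use needs 'None'."
    }
    $secret = Get-Secret -Name $SecretName -Vault $VaultName
    if ($secret -isnot [securestring]) {
        throw "Secret '$SecretName' is not a SecureString."
    }
    # Keep the value as a SecureString; no -AsPlainText copy ends up in memory or logs.
    [pscredential]::new($UserName, $secret)
}

# In the scheduled script: build the credential and hand it to -Credential parameters.
$credential = Get-UnattendedCredential -UserName 'svc-report'
```

Run `Initialize-UnattendedStore` once interactively as the same user that the scheduled task runs under, because the SecretStore is per user and, with Authentication None, that account is its only protection.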
Now, the whole thing makes sense for me. Happy testing and experimenting!
Roman