Manage secrets with PowerShell
Set up a new secret store
Install required modules.
Install-Module Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore
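Export your vault password to a CLIXML file in your PowerShell profile directory. On Windows, Export-Clixml encrypts the SecureString for the current user on the current machine; on Linux and macOS the exported value is only obfuscated, not encrypted, so restrict access to the file.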
$vaultPassword = Read-Host 'Enter a vault password' -AsSecureString
$vaultPasswordPath = Join-Path -Path (Split-Path -Path $PROFILE) -ChildPath 'SecretStore.vault.credential'
$vaultPassword | Export-CliXml -Path $vaultPasswordPath
Register a new vault (named SecretStore).
Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password -PasswordTimeout (60*60) -Interaction None -Password $vaultPassword -Confirm:$false
Register-SecretVault -Name 'SecretStore' -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
Add a secret to the vault
Unlock the vault.
$vaultPasswordPath = Join-Path -Path (Split-Path -Path $PROFILE) -ChildPath 'SecretStore.vault.credential'
$vaultPassword = Import-CliXml -Path $vaultPasswordPath
Unlock-SecretStore -Password $vaultPassword
Add the secret.
Set-Secret -Name (Read-Host 'Secret name') -Metadata @{ Description = (Read-Host 'Secret description') } -Secret (ConvertFrom-SecureString -SecureString (Read-Host 'Secret value' -AsSecureString) -AsPlainText)
Fetch a secret from the vault
List all secrets.
Get-SecretInfo
Fetch the secret.
$vaultPasswordPath = Join-Path -Path (Split-Path -Path $PROFILE) -ChildPath 'SecretStore.vault.credential'
$vaultPassword = Import-CliXml -Path $vaultPasswordPath
Unlock-SecretStore -Password $vaultPassword
$secret = Get-Secret -Name 'MySecretName'
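The unlock and fetch steps above can be wrapped in one helper that fails closed when the password file or the secret is missing. This is an added example, not code from the original page; the function name Get-StoredSecret and the user name 'svc-account' are hypothetical, and it assumes the vault and password file were created as described above.

```powershell
# Added example (not from the original page). Get-StoredSecret is a hypothetical helper name.
function Get-StoredSecret {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $Vault = 'SecretStore',
        [string] $PasswordPath = (Join-Path -Path (Split-Path -Path $PROFILE) -ChildPath 'SecretStore.vault.credential')
    )

    # Stop early if the exported vault password is missing.
    if (-not (Test-Path -Path $PasswordPath -PathType Leaf)) {
        throw "Vault password file not found: $PasswordPath"
    }

    # Import-Clixml returns the SecureString exported during set-up.
    # On Windows this only works for the user and machine that exported it.
    $vaultPassword = Import-Clixml -Path $PasswordPath
    if ($vaultPassword -isnot [securestring]) {
        throw "Unexpected content in $PasswordPath (expected a SecureString)."
    }

    Unlock-SecretStore -Password $vaultPassword

    # Give a clear error when the name is not in the vault.
    if (-not (Get-SecretInfo -Name $Name -Vault $Vault)) {
        throw "No secret named '$Name' in vault '$Vault'."
    }

    # Without -AsPlainText, string secrets are returned as SecureString,
    # so the value never has to exist as a plain string in the session.
    Get-Secret -Name $Name -Vault $Vault -ErrorAction Stop
}

# Usage: pass the SecureString to an API that accepts one, for example a PSCredential.
$secret = Get-StoredSecret -Name 'MySecretName'
$credential = [pscredential]::new('svc-account', $secret)   # 'svc-account' is a constructed user name
```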