Menu
I'm trying to get more familiar with using the somewhat new PowerShell module Microsoft.PowerShell.SecretManagement, using the Microsoft.PowerShell.SecretStore vault extension module.
I'm having trouble figuring out how to register the SecretStore without a password from the beginning. AKA, you never have to provide a password at all.
Here's what I'm trying:
Install the modules:
Install-Module Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore
Register a new SecretVault using the SecretStore module as the default:
Register-SecretVault -Name SecretStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
Now here is where I run into issues...
If I try this:
Set-SecretStoreConfiguration -Interaction None -Authentication None
I end up with this:
PS C:\> Set-SecretStoreConfiguration -Interaction None -Authentication None
Confirm
Are you sure you want to perform this action?
Performing the operation "Changes local store configuration" on target "SecretStore module local store".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
Vault Microsoft.PowerShell.SecretStore requires a password.
Enter password:
****
A password is no longer required for the local store configuration.
To complete the change please provide the current password.
Enter password:
****
PS C:\>
I can't tell if I'm doing something wrong, or if I should submit this as a bug? It doesn't make sense for it to ask me for a password if I say it doesn't need one, and then ask me to provide the same password to remove it.
If it's not a bug, then the only thing I can think of is that it's still using the password behind the scenes for the encryption/decryption process, and the setting Authentication is more about usage of the vault, but the password itself is still used for encryption/decryption.
I also tried passing in default registration parameters to Register-SecretVault like this:
-VaultParameters @{Authentication='None'; Interaction='None'}
And it still required a password, in fact, it didn't even apply the settings after registration, it seems to ignore them completely:
PS C:\> Register-SecretVault -ModuleName Microsoft.PowerShell.SecretStore -Name SecretStore -VaultParameters @{Authentication='None'; Interaction='None'} -DefaultVault
PS C:\> Set-Secret -Name Testing -Secret 'Testing123'
Creating a new SecretStore vault. A password is required by the current store configuration.
Enter password:
****
Enter password again for verification:
****
PS C:\> Get-SecretStoreConfiguration
Scope Authentication PasswordTimeout Interaction
----- -------------- --------------- -----------
CurrentUser Password 900 Prompt
PS C:\>
895
Below are the complete steps for adding/retrieving keys from SecretVault without prompting for a password.
$> Install-Module -Name Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore -Repository PSGallery
$> Register-SecretVault -Name your-datastore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
$> Get-SecretVault
$> Get-SecretStoreConfiguration
$> Set-SecretStoreConfiguration -Authentication None -Interaction None
$> Set-Secret -Vault your-datastore -Name your-secret -Secret "your-secret-string"
$> Get-Secret -Vault your-datastore -Name your-secret -AsPlainText
91
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
