Antonio Di Motta
PowerShell Secret Management

Secret management is the best way to securely store and access secrets, which are anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.

All major cloud providers have a secret management service, for instance Azure Key Vault and AWS Secrets Manager. These services are usually managed through a web portal or a CLI.

Another way to manage secrets is by using the PowerShell SecretManagement module. Here is the description of the module, taken directly from the GitHub repository:

"PowerShell SecretManagement module provides a convenient way for a user to store and retrieve secrets. The secrets are stored in SecretManagement extension vaults. An extension vault is a PowerShell module that has been registered to SecretManagement. An extension vault can store secrets locally or remotely. Extension vaults are registered to the current logged in user context, and will be available only to that user (unless also registered to other users)."

Now, I'm going to describe how to manage secrets stored in Azure Key Vault.

Step 1, install the required modules:

    # install SecretManagement module
    PS> Install-Module -Name Microsoft.PowerShell.SecretManagement

    # install extension vault provider for Azure Key Vault
    PS> Install-Module -Name Az.KeyVault

    # tip to find the extension vault providers available
    PS> Find-Module -Tag "SecretManagement"

Step 2, register the extension vault to the current user:

    PS> $subId = "<<keyvault-subscriptionid>>"
    PS> $vaultName = "<<keyvault-name>>"
    PS> Register-SecretVault -Name myAzKV -ModuleName Az.KeyVault -VaultParameters @{ AZKVaultName = $vaultName; SubscriptionId = $subId }

    # tip to show the list of registered extension vaults (there can be more than one)
    PS> Get-SecretVault

    Name   ModuleName  IsDefaultVault
    ----   ----------  --------------
    myAzKV Az.KeyVault True

Step 3, show the secrets currently stored in the registered extension vault:

    # get list of secrets
    PS> Get-SecretInfo

    Name Type    VaultName
    ---- ----    ---------
    key1 Unknown myAzKV
    key2 Unknown myAzKV

Step 4, store a new secret:

    PS> Set-Secret key3 -Vault myAzKV

    cmdlet Set-Secret at command pipeline position 1
    Supply values for the following parameters:
    SecureStringSecret: ***********

    # tip: add metadata to the secret
    PS> Set-SecretInfo key3 -Metadata @{ "purpose" = "demo" }

Step 5, retrieve the contents of a secret:

    # get secret contents
    PS> Get-Secret key3 -AsPlainText -Vault myAzKV
    HelloWorld
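Step 5 uses -AsPlainText, which writes the secret value to the console and to any running transcript. The following added example (not code from the original post or from the SecretManagement project) reads the same secret as a SecureString and passes it straight to a consumer; it assumes PowerShell 7 and the myAzKV vault and key3 secret from the steps above, and the helper name Invoke-WithVaultSecret and the endpoint URL are hypothetical.

```powershell
# Added example, not code from the original post. Assumes PowerShell 7, the
# vault 'myAzKV' and secret 'key3' from the steps above.
Import-Module Microsoft.PowerShell.SecretManagement -ErrorAction Stop

function Invoke-WithVaultSecret {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Vault,
        # Script block that receives the secret as a SecureString
        [Parameter(Mandatory)] [scriptblock] $Action
    )

    # Fail early if the vault is not registered for the current user
    if (-not (Get-SecretVault -Name $Vault -ErrorAction SilentlyContinue)) {
        throw "Secret vault '$Vault' is not registered for the current user."
    }

    # Without -AsPlainText a string secret is returned as a SecureString,
    # so its value is not written to the console or a transcript
    $secret = Get-Secret -Name $Name -Vault $Vault -ErrorAction Stop
    if ($secret -isnot [securestring]) {
        throw "Secret '$Name' is a $($secret.GetType().Name), expected SecureString."
    }

    try {
        & $Action $secret
    }
    finally {
        $secret.Dispose()   # release the protected buffer once the action ends
    }
}

# Usage: hand the SecureString to a cmdlet that accepts one directly.
# The URL is a placeholder endpoint, not a real service.
$status = Invoke-WithVaultSecret -Name key3 -Vault myAzKV -Action {
    param([securestring] $Token)
    Invoke-RestMethod -Uri 'https://api.example.test/v1/status' `
        -Authentication Bearer -Token $Token
}
```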

Thanks for reading!
