Microsoft Commercially Releases PowerShell Secret Management Modules
Microsoft last week announced the release of two PowerShell modules that aim to make it easier to invoke scripted processes that require so-called "secrets" or passcodes to work.
The new modules, available from the PowerShell Gallery at the "general availability" commercial-release stage, are Microsoft.PowerShell.SecretManagement and Microsoft.PowerShell.SecretStore. The two modules work together, providing management and vault storage functions.
One perk of Secret Management is the ability to share scripts across an organization without knowing the platforms used by others. Another perk is that scripts can be run in "local, test and production" environments with just a single change in the vault parameter. Also, authentication methods can be changed without needing to upgrade scripts.
Secret Management provides a means of interfacing with secret vaults. Secret Store is Microsoft's cross-platform version (Windows, Linux and macOS) of a so-called "extension vault." Extension vaults are used to connect the Secret Management module with secret vaults.
"Extension vaults, which are PowerShell modules with a particular structure, provide the connection between the SecretManagement module and any local or remote Secret Vault," the announcement explained.
Extension vaults are "highly configurable" and other developers besides Microsoft can create them. Here's Microsoft's list of available "community" extension vaults that will work with Microsoft's Secret Management module:
Microsoft's Secret Store extension vault encrypts secrets on an organization's local file system. If organizations need remote operations, though, Microsoft recommends using its Azure Key Vault extension vault, starting from version 3.3.0.
Secret Management has various cmdlets ("commandlets"), which are used to register local and remote vaults for accessing and retrieving secrets. There's an option to add metadata descriptions (nonsensitive data) to the secrets so that organizations can better recall how they're to be used.
Microsoft first introduced its PowerShell Secrets Management concept about a year ago, when it was at alpha-release stage.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.