Microsoft: PowerShell's new 'secrets' tool preview is out

Microsoft Secrets Management module is for managing secrets in heterogeneous clouds.

Microsoft has released the second preview of the Secrets Management Module, a PowerShell module for managing secrets and credentials. 

Microsoft unveiled the PowerShell Secrets Management module at Ignite 2019 as a new way to securely manage secrets in cloud environments that rely on components from multiple vendors, including multiple secrets providers.

The module provides a set of cmdlets that let users store secrets locally using a vault provider and access secrets from remote vaults. Users can register and unregister local and remote vaults on the local machine to manage and retrieve secrets. Microsoft released the first preview in February and now has issued the second preview. 

Microsoft created Secrets Management to address some of the challenges PowerShell developers face when advanced scripts require multiple secrets for coordinating across different clouds. The Secrets Management Module supports several secret types, including PSCredential, SecureString, String, HashTable, and Byte[].


The default vault on Windows is Credential Manager, or CredMan, which is used to authenticate to a remote vault. Microsoft thinks this could help developers run the same scripts in local, test, and production environments by changing only the vault. On Linux, Microsoft plans to use GNOME Keyring, while on macOS it will be Apple Keychain.

The first two previews of PowerShell Secrets Management are available only for Windows, but support for Linux is planned for the next preview, followed by macOS support.

Users who want to install the second preview will need to completely replace the module and extension modules due to breaking changes in this release. 

Some of the changes in this update include new cmdlet names, with, for example, Add-Secret now becoming Set-Secret to reflect its intent. There's a new Test-Vault cmdlet that allows owners of a vault extension to check it is properly configured at registration time. 

Sydney Smith, a program manager on Microsoft's PowerShell team, noted that users who installed the first preview should first remove any secrets from the LocalDefaultVault before installing the second preview. 

"Based on feedback we changed the naming convention for secrets stored in CredMan, therefore previous secrets stored in the local vault will no longer be visible after the new version of the module is installed," Smith explained.


However, users can still view and remove the old secrets via the CredMan UI.

Smith provides instructions for installing the second preview from a PowerShell console on the PowerShell developer blog.