A secret management service is the standard way to securely store and access secrets: anything you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.
All major cloud providers offer one, for instance Azure Key Vault and AWS Secrets Manager, and they are usually managed through the web portal or the provider's CLI.
Another option is the PowerShell SecretManagement module. This is the description of the module taken directly from the GitHub repository:
"PowerShell SecretManagement module provides a convenient way for a user to store and retrieve secrets. The secrets are stored in SecretManagement extension vaults. An extension vault is a PowerShell module that has been registered to SecretManagement. An extension vault can store secrets locally or remotely. Extension vaults are registered to the currently logged-in user context, and will be available only to that user (unless also registered to other users)."
Now I'll describe how to manage secrets stored in Azure Key Vault.
Step 1, install the required modules. The Az.KeyVault module ships the SecretManagement extension vault for Key Vault, and it talks to the vault through your Az session, so sign in with Connect-AzAccount (from Az.Accounts, pulled in as a dependency of Az.KeyVault) before using the vault:
# install the SecretManagement module
PS > Install-Module -Name Microsoft.PowerShell.SecretManagement
# install the extension vault provider for Azure Key Vault
PS > Install-Module -Name Az.KeyVault
# tip: find the extension vault providers available in the gallery
PS > Find-Module -Tag "SecretManagement"
Step 2, register the extension vault for the current user. The registration is only a local pointer to the vault; access is still governed by your Key Vault permissions:
PS > $subId = "<<keyvault-subscriptionid>>"
PS > $vaultName = "<<keyvault-name>>"
PS > Register-SecretVault -Name myAzKV -ModuleName Az.KeyVault -VaultParameters @{AZKVaultName=$vaultName;SubscriptionId=$subId}
# tip: list the registered extension vaults (more than one can be registered; the first becomes the default, so -Vault can be omitted for it)
PS > Get-SecretVault
Name   ModuleName  IsDefaultVault
----   ----------  --------------
myAzKV Az.KeyVault True
Step 3, list the secrets currently stored in the registered extension vault (only names and metadata are returned, never the values):
# get the list of secrets
PS > Get-SecretInfo
Name Type    VaultName
---- ----    ---------
key1 Unknown myAzKV
key2 Unknown myAzKV
Step 4, store a new secret. Without a -Secret argument, Set-Secret prompts for the value as a SecureString, so the secret never lands in your command history:
PS > Set-Secret key3 -Vault myAzKV
cmdlet Set-Secret at command pipeline position 1
Supply values for the following parameters:
SecureStringSecret: ***********
# tip: attach metadata to the secret
PS > Set-SecretInfo key3 -Metadata @{"purpose"="demo"}
Step 5, retrieve the contents of a secret. By default Get-Secret returns a SecureString; -AsPlainText is convenient for a demo but writes the value to the console (and to any transcript or log), so use it only when you really need the plain value:
# get the secret contents
PS > Get-Secret key3 -AsPlainText -Vault myAzKV
Hello World
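The five steps above, put together as one non-interactive script. This is an added example, not code from the original post or from the SecretManagement project. It assumes the modules from step 1 are installed, that you can sign in to Azure and have get/set/list/delete permissions on the vault's secrets, and that the placeholders for the subscription ID and vault name are filled in; the registration name myAzKV, the secret name key3, the demo value and the username svc-demo are chosen here for illustration.

```powershell
#Requires -Modules Microsoft.PowerShell.SecretManagement, Az.KeyVault

# Added example, not from the original post. Placeholders must be replaced.
$subId     = "<<keyvault-subscriptionid>>"   # placeholder
$vaultName = "<<keyvault-name>>"             # placeholder
$regName   = "myAzKV"                        # local registration name, chosen here

# The Az.KeyVault extension uses the Az context, so sign in first if needed.
if (-not (Get-AzContext)) {
    Connect-AzAccount -Subscription $subId | Out-Null
}

# Step 2: register the vault only if this user has not done so already.
if (-not (Get-SecretVault -Name $regName -ErrorAction SilentlyContinue)) {
    Register-SecretVault -Name $regName -ModuleName Az.KeyVault `
        -VaultParameters @{ AZKVaultName = $vaultName; SubscriptionId = $subId }
}

# Check that the registration actually works before relying on it.
if (-not (Test-SecretVault -Name $regName)) {
    throw "Vault registration '$regName' failed validation"
}

# Step 4: store a secret without an interactive prompt. In real use, read the
# value with Read-Host -AsSecureString; here a constructed demo value is used so
# the script runs unattended.
$secretName  = "key3"
$secretValue = ConvertTo-SecureString "Hello World" -AsPlainText -Force  # constructed demo value
Set-Secret -Name $secretName -Secret $secretValue -Vault $regName
Set-SecretInfo -Name $secretName -Vault $regName -Metadata @{ purpose = "demo" }

# Step 3: list what is in the vault, including the metadata just attached.
Get-SecretInfo -Vault $regName | Select-Object Name, Type, VaultName, Metadata

# Step 5: retrieve the secret as a SecureString (the default) and hand it to a
# consumer as a PSCredential, so no plaintext copy is ever written to a
# variable, the console, or a transcript.
$secure = Get-Secret -Name $secretName -Vault $regName
$cred   = [System.Management.Automation.PSCredential]::new("svc-demo", $secure)
# $cred can now be passed to any -Credential parameter.

# Clean up the demo secret. Note that Key Vault soft-delete (on by default)
# keeps the deleted secret recoverable for the retention period.
Remove-Secret -Name $secretName -Vault $regName
```

Running the script a second time is safe: the registration and sign-in are skipped when already present, and Set-Secret simply writes a new version of the secret. Keeping the value as a SecureString end to end is the point of the last step; -AsPlainText should be the exception, not the default.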
Thanks for reading!