Password Management in Powershell

In any automation method, password management is a very critical part. You do not want to store the plaintext credentials required for your automation to continue orchestration tasks. Likewise, other passwords, such as certificate fingerprints and account keys, must be stored in a secure location that the orchestration can access and consume.

In PowerShell, we always use the internal credential manager to store these passwords. There are several modules in the VPNbug Gallery that you can use easily.

Read more:
How to uninstall programs using PowerShell
Find a Hyper-V VM Host via Powershell
Enabling the RDP Protocol via Powershell
Manage VMs in your Hyper-V 3.0 environment

There are also modules that involve third-party safes, such as the Hashicorp Vault or the SecureStore . However, there was nothing officially supported by Microsoft (Azure Vault does not account for password management in PowerShell) or the PowerShell team so far.

At Ignite 2019, the PowerShell team introduced the password management in PowerShell . Today the PowerShell team announced a version in development a module for managing PowerShell passwords.

InstallModule Name Microsoft.PowerShell.SecretsManagement AllowPrerelease

This module uses the built-in credential manager for password management and provides the above commands for that purpose. The current design of this module allows for extensibility as per the PowerShell team blog post. Therefore, you must be able to add support for another vault by registering the PowerShell module (provided it adopts the format required by the SecretsManagement module) written for the third party vault.

I have been using some existing modules for covert management in my design and deployment automation. I mainly use the internal Credential Manager for this purpose. I actually demonstrated how I use this on Garuda Framework . With the development version of this new module from the PowerShell team, I will begin to analyze my existing automation to use this module. The only advantage I see here is the nature of the module's extensibility. This provides sufficient flexibility when moving from one type of safe to another or introduces a new one when needed. Looking forward to seeing what the community comes here for.

Follow the news in real time. Follow our Instagram profile..

Felipe Santos
Felipe Santos is a Cloud and Security Architect, with experience in Windows Server, Cluster, Storages, Backups Veeam and Office 365 environments.



Do you want to upgrade your career? 

Invest in yourself and get ahead! Get that dream job in 2022!