Should be a slick way to store and retrieve a PSCredential object from a Key Vault Secret #10434

Open
buchs opened this issue Oct 30, 2019 · 6 comments
Labels
Azure PS Team customer-reported feature-request This issue requires a new behavior in the product in order be resolved.

buchs commented Oct 30, 2019

Description of the new feature

Need an easy way to store and retrieve a PSCredential object. For example:

$creds = Get-Credential
Set-AzKeyVaultSecret -VaultName $vaultName -name $secretName -PsCredential $creds

and

$credsRetrieved = Get-AzKeyVaultSecret -vaultName $VaultName -name $secretName -PsCredential

The Existing Mechanism

Here is the clunky way I have come up with to do it:

$Creds = Get-Credential -Message "$msg"
# create a vertical-tab-delimited string from the values entered
$secretstring = $Creds.GetNetworkCredential().UserName + "`v" + $Creds.GetNetworkCredential().Password
$secretvalue = ConvertTo-SecureString $secretstring -AsPlainText -Force
# store in Key Vault
Set-AzKeyVaultSecret -VaultName $VaultName -name $DomainSecretName -secretvalue $secretvalue

and

# split the stored string on the vertical tab character ("`v"), then rebuild the PSCredential
$secretValueParts = (Get-AzKeyVaultSecret -vaultName $VaultName -name $DomainSecretName).SecretValueText -Split "`v"
$password = ConvertTo-SecureString $secretValueParts[1] -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ($secretValueParts[0], $password)
@buchs buchs added Azure PS Team feature-request This issue requires a new behavior in the product in order be resolved. triage labels Oct 30, 2019
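
The store-and-retrieve round trip from the post above, as an added example that is not part of the original issue or of Az.KeyVault; the function names and the content-type label are hypothetical. It serializes the credential as JSON instead of using a delimiter, tags the secret so other secrets are rejected on read, and reads the value through the `SecretValue` SecureString.

```powershell
# Added example. Function names and the content-type label are hypothetical;
# only Set-AzKeyVaultSecret / Get-AzKeyVaultSecret come from Az.KeyVault.
$CredentialContentType = 'application/x-pscredential+json'
function ConvertTo-CredentialPayload {
    param([Parameter(Mandatory)][pscredential]$Credential)
    # $Credential.UserName keeps a DOMAIN\user name whole, whereas
    # GetNetworkCredential().UserName returns only the user part.
    $json = [ordered]@{
        UserName = $Credential.UserName
        Password = $Credential.GetNetworkCredential().Password
    } | ConvertTo-Json -Compress
    ConvertTo-SecureString $json -AsPlainText -Force
}

function ConvertFrom-CredentialPayload {
    param([Parameter(Mandatory)][securestring]$Payload)
    # Decrypt the payload in memory and parse it; reject anything malformed.
    $json = [System.Net.NetworkCredential]::new('', $Payload).Password
    $data = $json | ConvertFrom-Json
    if (-not $data.UserName -or $null -eq $data.Password) {
        throw 'Secret does not contain a credential payload.'
    }
    # Build the SecureString per character so an empty password also works.
    $password = [securestring]::new()
    foreach ($ch in ([string]$data.Password).ToCharArray()) { $password.AppendChar($ch) }
    [pscredential]::new($data.UserName, $password)
}

function Set-KeyVaultCredential {
    param([string]$VaultName, [string]$Name, [pscredential]$Credential)
    Set-AzKeyVaultSecret -VaultName $VaultName -Name $Name `
        -SecretValue (ConvertTo-CredentialPayload $Credential) `
        -ContentType $CredentialContentType
}

function Get-KeyVaultCredential {
    param([string]$VaultName, [string]$Name)
    $secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $Name
    # Refuse secrets that were not written by Set-KeyVaultCredential.
    if ($secret.ContentType -ne $CredentialContentType) {
        throw "Secret '$Name' is not tagged as a credential payload."
    }
    ConvertFrom-CredentialPayload $secret.SecretValue
}

# Offline round trip on a constructed credential (no vault needed):
$sample = [pscredential]::new('CONTOSO\svc', (ConvertTo-SecureString "p`vw" -AsPlainText -Force))
$back   = ConvertFrom-CredentialPayload (ConvertTo-CredentialPayload $sample)
if ($back.UserName -ne $sample.UserName) { throw 'Round trip failed.' }
```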

buchs commented Oct 30, 2019

Since PSCredential objects are often used in PowerShell, I was surprised there wasn't already some way to do this. Seems natural.

@wyunchi-ms wyunchi-ms removed the triage label Oct 31, 2019

wyunchi-ms commented Oct 31, 2019

Hi @buchs thanks for your recommendation. We will consider it.

guidooliveira commented Jun 17, 2020

This would be really useful, and reduce the amount of secrets stored.

dcaro commented Jul 11, 2020

Supporting PSCredentials as is in Keyvault would be confusing for other customers of KV.
We are considering a method in the KeyVault module that will convert PSCredentials to / from KV Secrets.
Please react to let us know what you think of it.

buchs commented Jul 11, 2020

I don’t understand why adding another credential type would be confusing to current users. They wouldn’t need to care or even notice the change. But I guess an additional module is a solution. Of key importance would be the word “slick” in the title of this issue. Make it trivially easy to use.

dcaro commented Jul 14, 2020

Sorry if I was not clear, we evaluated if native support of PSCredentials was an option instead of relying on secrets.
