diff --git a/.ci/ci.yml b/.ci/ci.yml index f2aac30..632159b 100644 --- a/.ci/ci.yml +++ b/.ci/ci.yml @@ -10,8 +10,12 @@ pr: include: - master -variables: - - group: ESRP +resources: + repositories: + - repository: ComplianceRepo + type: github + endpoint: ComplianceGHRepo + name: PowerShell/compliance stages: - stage: Build @@ -20,7 +24,8 @@ stages: - job: BuildPkg displayName: Build Package pool: - name: Package ES CodeHub Lab E + vmImage: windows-latest + steps: - powershell: | $powerShellPath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'powershell' 
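Review bot: The new `ComplianceRepo` resource in the first hunk has no `ref`, so the `ci-compliance.yml@ComplianceRepo` template used later in this file is resolved from whatever the default branch of `PowerShell/compliance` holds at run time. A change in that repository therefore changes what this pipeline runs without any commit here. Pinning the resource, for example `ref: refs/tags/<RELEASE_TAG>` (placeholder), would make template updates an explicit, reviewable change.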
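Review bot: `vmImage: windows-latest` in the BuildPkg pool is a moving alias, so the build image can change between runs with no commit in this repository. The same substitution is made for ComplianceJob, for both Windows test jobs (which previously pinned `windows-2019`), and in `.ci/test.yml`. For a module that protects secrets, a reproducible build environment is worth keeping; consider an explicit image such as `vmImage: windows-2019`, bumped deliberately. The hunk also adds an empty line between `vmImage:` and `steps:` that can be dropped, and the job body continues outside the hunk.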
@@ -90,53 +95,14 @@ stages: $modPath = Join-Path -Path $modulePath -ChildPath PSPackageProject Write-Verbose -Verbose "Importing PSPackageProject from: $modPath" Import-Module -Name $modPath -Force - # $config = Get-PSPackageProjectConfiguration - $signSrcPath = "$($config.BuildOutputPath)\$($config.ModuleName)" - $signOutPath = "$($config.SignedOutputPath)\$($config.ModuleName)" - if (! (Test-Path -Path $signOutPath)) { - $null = New-Item -Path $signOutPath -ItemType Directory - } - - # Set signing src path variable - $vstsCommandString = "vso[task.setvariable variable=signSrcPath]${signSrcPath}" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - - # Set signing out path variable - $vstsCommandString = "vso[task.setvariable variable=signOutPath]${signOutPath}" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - displayName: Set up for code signing - condition: and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')), ne(variables['SkipSigning'], 'True')) - - - pwsh: | - Get-ChildItem -Path env: - displayName: Capture environment for module code signing - condition: succeededOrFailed() - - - template: ./templates/sign.yml - parameters: - buildOutputPath: $(signSrcPath) - signOutputPath: $(signOutPath) - certificateId: "CP-230012" - pattern: '*.dll,*.psd1,*.psm1' - - - pwsh: | - $modulePath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'TempModules' - $env:PSModulePath = $modulePath + [System.IO.Path]::PathSeparator + $env:PSModulePath - $modPath = Join-Path -Path $modulePath -ChildPath PSPackageProject - Write-Verbose -Verbose "Importing PSPackageProject from: $modPath" - Import-Module -Name $modPath -Force # - if ($env:SkipSigning -eq 'True') - { - $(Build.SourcesDirectory)/build.ps1 -Publish - } - else - { - $(Build.SourcesDirectory)/build.ps1 -Publish -Signed - } + $srcModulePath = Resolve-Path -Path "$($config.BuildOutputPath)/$($config.ModuleName)" + Get-ChildItem $srcModulePath + 
$artifactName = "$($config.ModuleName)" + Write-Host "##vso[artifact.upload containerfolder=$artifactName;artifactname=$artifactName;]$srcModulePath" + # + $(Build.SourcesDirectory)/build.ps1 -Publish displayName: Create module artifact - stage: Compliance @@ -145,9 +111,18 @@ stages: jobs: - job: ComplianceJob pool: - name: Package ES CodeHub Lab E + vmImage: windows-latest steps: - - template: compliance.yml + - checkout: self + clean: true + - checkout: ComplianceRepo + clean: true + - download: current + artifact: 'Microsoft.PowerShell.SecretStore' + - template: ci-compliance.yml@ComplianceRepo + parameters: + # credscan + suppressionsFile: '' - stage: Test displayName: Test Package @@ -157,13 +132,13 @@ stages: parameters: jobName: TestPkgWin displayName: PowerShell Core on Windows - imageName: windows-2019 + imageName: windows-latest - template: test.yml parameters: jobName: TestPkgWinPS displayName: Windows PowerShell on Windows - imageName: windows-2019 + imageName: windows-latest powershellExecutable: powershell - template: test.yml @@ -177,9 +152,3 @@ stages: jobName: TestPkgWinMacOS displayName: PowerShell Core on macOS imageName: macOS-10.14 - -- stage: Release - displayName: Release Package - condition: and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')), eq(variables['Publish'], 'True')) - jobs: - - template: release.yml diff --git a/.ci/compliance.yml b/.ci/compliance.yml deleted file mode 100644 index 37ef971..0000000 --- a/.ci/compliance.yml +++ /dev/null 
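Review bot: The module uploaded by the `artifact.upload` logging command is now the unsigned build output, because the signing template and the `-Signed` publish path are removed, and nothing in the step says so. Nothing visible in this commit shows where signing happens now. A short comment above the upload would keep the artifact from being mistaken for a releasable one, e.g. `# Unsigned build output, uploaded for the Compliance stage; signing and release are handled outside this pipeline.` (adjust to wherever signing actually moved). The step begins outside the hunk.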
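Review bot: The `download` step in ComplianceJob hard-codes `artifact: 'Microsoft.PowerShell.SecretStore'`, while the build stage names the artifact from `$($config.ModuleName)`. If the two ever differ, the compliance job presumably fails or has nothing to scan. A comment tying the two together, or a shared pipeline variable for the artifact name, would keep them in step. The `# credscan` comment above `suppressionsFile: ''` could also say that the empty value means no findings are suppressed, if that is the intent.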
@@ -1,145 +0,0 @@ -steps: - -- powershell: | - $powerShellPath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'powershell' - Invoke-WebRequest -Uri https://raw.githubusercontent.com/PowerShell/PowerShell/master/tools/install-powershell.ps1 -outfile ./install-powershell.ps1 - ./install-powershell.ps1 -Destination $powerShellPath - $vstsCommandString = "vso[task.setvariable variable=PATH]$powerShellPath;$env:PATH" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - displayName: Install PowerShell Core - -- task: DownloadBuildArtifacts@0 - displayName: 'Download artifacts' - inputs: - buildType: current - downloadType: specific - itemPattern: '**/*.nupkg' - downloadPath: '$(System.ArtifactsDirectory)' - -- pwsh: | - Get-ChildItem -Path "$(System.ArtifactsDirectory)" -Recurse - displayName: Capture artifacts directory - -- pwsh: | - $modulePath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'TempModules' - if (Test-Path -Path $modulePath) { - Write-Verbose -Verbose "Deleting existing temp module path: $modulePath" - Remove-Item -Path $modulePath -Recurse -Force -ErrorAction Ignore - } - if (! 
(Test-Path -Path $modulePath)) { - Write-Verbose -Verbose "Creating new temp module path: $modulePath" - $null = New-Item -Path $modulePath -ItemType Directory - } - displayName: Create temporary module path - -- pwsh: | - $modulePath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'TempModules' - Write-Verbose -Verbose "Install PowerShellGet V3 to temp module path" - Save-Module -Name PowerShellGet -Path $modulePath -MinimumVersion 3.0.0-beta10 -AllowPrerelease -Force - Write-Verbose -Verbose "Install PlatyPS to temp module path" - Save-Module -Name "platyPS" -Path $modulePath -Force - Write-Verbose -Verbose "Install PSScriptAnalyzer to temp module path" - Save-Module -Name "PSScriptAnalyzer" -Path $modulePath -RequiredVersion 1.18.0 -Force - Write-Verbose -Verbose "Install Pester 4.X to temp module path" - Save-Module -Name "Pester" -MaximumVersion 4.99 -Path $modulePath -Force - Write-Verbose -Verbose "Install PSPackageProject to temp module path" - Save-Module -Name PSPackageProject -Path $modulePath -Force - displayName: Install PSPackageProject and dependencies - -- pwsh: | - $modulePath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'TempModules' - $env:PSModulePath = $modulePath + [System.IO.Path]::PathSeparator + $env:PSModulePath - $sourceName = 'pspackageproject-local-repo' - Register-PackageSource -Name $sourceName -Location "$(System.ArtifactsDirectory)" -ProviderName PowerShellGet -Force -ErrorAction Ignore - Get-PackageSource -Name $sourceName - $config = Get-PSPackageProjectConfiguration - $buildOutputPath = $config.BuildOutputPath - $null = New-Item -ItemType Directory -Path $buildOutputPath -Verbose - $moduleName = $config.ModuleName - Write-Verbose -Verbose "Saving package $sourceName to $($config.BuildOutputPath)" - Save-Package -Name $moduleName -Source $sourceName -ProviderName PowerShellGet -Path $config.BuildOutputPath -AllowPrereleaseVersions -Force - Write-Verbose -Verbose "Writing BUILD_SOURCE variable" - $vstsCommandString = 
"vso[task.setvariable variable=BUILD_SOURCE]$($config.BuildOutputPath)" - Write-Host "sending " + $vstsCommandString - Write-Host "##$vstsCommandString" - displayName: Extract product artifact - -- pwsh: | - $modulePath = Join-Path -Path $env:AGENT_TEMPDIRECTORY -ChildPath 'TempModules' - $env:PSModulePath = $modulePath + [System.IO.Path]::PathSeparator + $env:PSModulePath - $config = Get-PSPackageProjectConfiguration - dir "$($config.BuildOutputPath)/*" -r 2>$null - displayName: 'BuildOutputPath directory' - -- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0 - displayName: 'Component Detection' - inputs: - sourceScanPath: '$(Build.SourcesDirectory)' - snapshotForceEnabled: true - -- task: securedevelopmentteam.vss-secure-development-tools.build-task-antimalware.AntiMalware@3 - displayName: 'Run Defender Scan' - -- task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2 - displayName: 'Run CredScan' - inputs: - toolMajorVersion: V2 - debugMode: false - continueOnError: true - -- task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@3 - displayName: 'Run BinSkim ' - inputs: - InputType: Basic - AnalyzeTarget: '$(BUILD_SOURCE)\Microsoft.PowerShell.SecretStore\Microsoft.PowerShell.SecretStore.dll' - AnalyzeSymPath: 'SRV*' - AnalyzeVerbose: true - AnalyzeHashes: true - AnalyzeStatistics: true - continueOnError: true - -- task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@1 - displayName: 'Run PoliCheck' - inputs: - targetType: F - optionsFC: 0 - optionsXS: 0 - optionsPE: '1|2|3|4' - optionsHMENABLE: 0 -# optionsRulesDBPath: '$(Build.SourcesDirectory)\tools\terms\PowerShell-Terms-Rules.mdb' -# optionsFTPATH: '$(Build.SourcesDirectory)\tools\terms\FileTypeSet.xml' - toolVersion: 5.8.2.1 - continueOnError: true - -- task: 
securedevelopmentteam.vss-secure-development-tools.build-task-publishsecurityanalysislogs.PublishSecurityAnalysisLogs@2 - displayName: 'Publish Security Analysis Logs to Build Artifacts' - continueOnError: true - -- task: securedevelopmentteam.vss-secure-development-tools.build-task-uploadtotsa.TSAUpload@1 - displayName: 'TSA upload to Codebase: PSSecretStore_201508 Stamp: Azure' - inputs: - codeBaseName: PSSecretStore_201508 - tsaVersion: TsaV2 - uploadFortifySCA: false - uploadFxCop: false - uploadModernCop: false - uploadPREfast: false - uploadRoslyn: false - uploadTSLint: false - uploadAPIScan: false - -- task: securedevelopmentteam.vss-secure-development-tools.build-task-report.SdtReport@1 - displayName: 'Create Security Analysis Report' - inputs: - TsvFile: false - APIScan: false - BinSkim: false - CredScan: true - PoliCheck: true - PoliCheckBreakOn: Severity2Above - -- pwsh: | - Unregister-PSRepository -Name 'pspackageproject-local-repo' -ErrorAction Ignore - displayName: Unregister temporary PSRepository - condition: always() diff --git a/.ci/release.yml b/.ci/release.yml deleted file mode 100644 index 50c4d96..0000000 --- a/.ci/release.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -parameters: - jobName: release - imageName: windows-2019 - displayName: 'Release Microsoft.PowerShell.SecretStore to NuGet' - -jobs: -- job: ${{ parameters.jobName }} - pool: - vmImage: ${{ parameters.imageName }} - displayName: ${{ parameters.displayName }} - - steps: - - task: NuGetToolInstaller@1 - displayName: 'Install NuGet 5.6.0' - inputs: - checkLatest: false - version: 5.6.0 - - - task: DownloadBuildArtifacts@0 - displayName: 'Download SecretSTore module artifacts' - inputs: - buildType: current - downloadType: specific - artifactName: '**/*.nupkg' - downloadPath: '$(System.ArtifactsDirectory)' - - - powershell: | - Get-ChildItem '$(System.ArtifactsDirectory)/nupkg/Microsoft.PowerShell.SecretStore.*.nupkg' -ErrorAction SilentlyContinue - # Get-ChildItem '$(System.ArtifactsDirectory)' -Recurse - displayName: 'Capture SecretStore module NuGet package' - - # TODO: Need to create NuGet service connection - #- task: NuGetCommand@2 - # displayName: 'Push Microsoft.PowerShell.Store module artifacts to AzArtifactsFeed' - # inputs: - # command: push - # packagesToPush: '$(System.ArtifactsDirectory)/nupkg/Microsoft.PowerShell.SecretStore.*.nupkg' - # nuGetFeedType: external - # publishFeedCredentials: AzArtifactFeed - - #- task: NuGetCommand@2 - # displayName: 'Push Microsoft.PowerShell.Store module artifacts to PSGallery feed' - # inputs: - # command: push - # packagesToPush: '$(System.ArtifactsDirectory)/nupkg/Microsoft.PowerShell.SecretStore.*.nupkg' - # nuGetFeedType: external - # publishFeedCredentials: PHPowerShellGalleryFeed diff --git a/.ci/templates/sign.yml b/.ci/templates/sign.yml deleted file mode 100644 index cdf6e4e..0000000 --- a/.ci/templates/sign.yml +++ /dev/null 
@@ -1,80 +0,0 @@ -parameters: - - name: "buildOutputPath" - default: "$(Build.ArtifactStagingDirectory)\\build" - - name: "signOutputPath" - default: "$(Build.ArtifactStagingDirectory)\\signed" - - name: "certificateId" - default: "CP-230012" - - name: "pattern" - default: "*.dll,*.exe" - -steps: -- task: UseDotNet@2 - displayName: 'Install .NET Core sdk 2.x for ESRP' - inputs: - version: 2.x - -- pwsh: | - [string] $CertificateId = "${{ parameters.certificateId }}" - Write-Verbose "CertificateId - $CertificateId" -Verbose - - [string] $VariableName = "EsrpJson" - - [string] $SigningServer = '$(SigningServer)' - Write-Verbose "SigningServer - $SigningServer" -Verbose - - $esrpParameters = @( - @{ - ParameterName = "OpusName" - ParameterValue = "Microsoft" - } - @{ - ParameterName = "OpusInfo" - ParameterValue = "http://www.microsoft.com" - } - @{ - ParameterName = "PageHash" - ParameterValue = "/NPH" - } - @{ - ParameterName = "FileDigest" - ParameterValue = "/fd sha256" - } - @{ - ParameterName = "TimeStamp" - ParameterValue = "/tr ""$SigningServer"" /td sha256" - } - ) - - $esrp = @(@{ - keyCode = $CertificateId - operationSetCode = "SigntoolSign" - parameters = $esrpParameters - toolName = "signtool.exe" - toolVersion = "6.2.9304.0" - }) - - $vstsCommandString = "vso[task.setvariable variable=$VariableName][$($esrp | ConvertTo-Json -Compress)]" - Write-Verbose -Message ("sending " + $vstsCommandString) -Verbose - Write-Host "##$vstsCommandString" - displayName: Generate signing JSON - condition: and(and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')), ne(variables['SkipSigning'], 'True')), ne(variables['SigningServer'], '')) - -- pwsh: | - Write-Verbose "BUILD_OUTPUT_PATH- ${{ parameters.buildOutputPath}}" -Verbose - Write-Verbose "SIGNED_OUTPUT_PATH- ${{ parameters.signOutputPath }}" -Verbose - Copy-Item ${{ parameters.buildOutputPath }}\* ${{ parameters.signOutputPath }}\ -Recurse -Force -Verbose - displayName: Prepare output folder - 
timeoutInMinutes: 10 - condition: and(and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')), ne(variables['SkipSigning'], 'True')), ne(variables['SigningServer'], '')) - -- task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1 - displayName: Sign files - inputs: - ConnectedServiceName: pwshSigning - FolderPath: '${{ parameters.signOutputPath }}' - UseMinimatch: false - signConfigType: inlineSignParams - inlineOperation: $(EsrpJson) - Pattern: ${{ parameters.pattern }} - condition: and(and(and(succeeded(), eq(variables['Build.Reason'], 'Manual')), ne(variables['SkipSigning'], 'True')), ne(variables['SigningServer'], '')) diff --git a/.ci/test.yml b/.ci/test.yml index 18bc02c..c7fb993 100644 --- a/.ci/test.yml +++ b/.ci/test.yml @@ -1,6 +1,6 @@ parameters: jobName: TestPkgWin - imageName: windows-2019 + imageName: windows-latest displayName: PowerShell Core on Windows powershellExecutable: pwsh diff --git a/help/Microsoft.PowerShell.SecretStore.dll-Help.xml b/help/Microsoft.PowerShell.SecretStore.dll-Help.xml deleted file mode 100644 index babf8a1..0000000 --- a/help/Microsoft.PowerShell.SecretStore.dll-Help.xml +++ /dev/null 
@@ -1,796 +0,0 @@ - - - - - Get-SecretStoreConfiguration - Get - SecretStoreConfiguration - - Writes SecretStore configuration information. - - - - This cmdlet reads the SecretStore configuration file and writes configuration information to the pipeline. Configuration information includes: - - Scope - - Authentication - - PasswordTimeout (in seconds) - - UserInteraction - - - - Get-SecretStoreConfiguration - - - - - - - None - - - - - - - - - - Microsoft.PowerShell.SecretStore.SecureStoreConfig - - - - - - - - - Currently, configuration scope is always 'CurrentUser'. 'AllUsers' scope is not supported. - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-SecretStoreConfiguration - - Scope Authentication PasswordTimeout UserInteraction - ----- -------------- --------------- --------------- -CurrentUser Password 900 Prompting - -PS C:\> - - This example runs the command from a command shell prompt and displays four SecretStore configuration properties: -Scope is 'CurrentUser'. -A password is required to access the SecretStore. -A session password timeout time is 5 minutes. -The user will be prompted for a password if the command is run in an interactive session. - - - - - - - - Reset-SecretStore - Reset - SecretStore - - Resets the SecretStore by deleting all secret data and configuring the store with default options. - - - - This cmdlet completely resets the SecretStore by deleting all secret data it may contain, and resetting configuration options to their default values. It is intended to be used only if a required password is lost, or data files become corrupted so that SecretStore no longer functions and secret data cannot be accessed. -Default configuration options can be overridden by specifying individual command configuration option parameters. - - - - Reset-SecretStore - - Authentication - - Configuration option to set authentication for store access. Configuration options are 'Password' or 'None'. 
When 'Password' is selected, SecretStore is configured to require a password for accessing secrets. Default authentication is 'Password', as this provides the strongest protection of secret data. - - Authenticate - - Authenticate - - - Password - - - Force - - When true, the user will not be asked to confirm and the SecretStore will be reset without prompting. Default value is false, and user will be asked to confirm the operation. - - - SwitchParameter - - - False - - - PasswordTimeout - - Configuration option that provides the session password timeout in seconds. Takes an argument whose value determines the session password timeout in seconds. When the timeout value is reached, the current password value is invalidated for the session. - - Int32 - - Int32 - - - 900 - - - Scope - - Configuration option that determines SecretStore operation scope. Currently only 'CurrentUser' scope is supported. - - - CurrentUser - AllUsers - - SecureStoreScope - - SecureStoreScope - - - CurrentUser - - - UserInteraction - - Configuration option to allow or suppress user prompting. Configuration options are 'Prompting' or 'None'. When 'None' is selected, no prompt will be presented in an interactive session to provide a session password. Default value is 'Prompting', and users will be prompted for password when needed. When 'None is selected and a session password is required, a Microsoft.PowerShell.SecretStore.PasswordRequiredException error is thrown. - - Interaction - - Interaction - - - Prompting - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - - - - Authentication - - Configuration option to set authentication for store access. Configuration options are 'Password' or 'None'. When 'Password' is selected, SecretStore is configured to require a password for accessing secrets. 
Default authentication is 'Password', as this provides the strongest protection of secret data. - - Authenticate - - Authenticate - - - Password - - - Force - - When true, the user will not be asked to confirm and the SecretStore will be reset without prompting. Default value is false, and user will be asked to confirm the operation. - - SwitchParameter - - SwitchParameter - - - False - - - PasswordTimeout - - Configuration option that provides the session password timeout in seconds. Takes an argument whose value determines the session password timeout in seconds. When the timeout value is reached, the current password value is invalidated for the session. - - Int32 - - Int32 - - - 900 - - - Scope - - Configuration option that determines SecretStore operation scope. Currently only 'CurrentUser' scope is supported. - - SecureStoreScope - - SecureStoreScope - - - CurrentUser - - - UserInteraction - - Configuration option to allow or suppress user prompting. Configuration options are 'Prompting' or 'None'. When 'None' is selected, no prompt will be presented in an interactive session to provide a session password. Default value is 'Prompting', and users will be prompted for password when needed. When 'None is selected and a session password is required, a Microsoft.PowerShell.SecretStore.PasswordRequiredException error is thrown. - - Interaction - - Interaction - - - Prompting - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. 
- - SwitchParameter - - SwitchParameter - - - False - - - - - - None - - - - - - - - - - Microsoft.PowerShell.SecretStore.SecureStoreConfig - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Reset-SecretStore -WARNING: !!This operation will completely remove all SecretStore module secrets and reset configuration settings to default values!! - -Reset SecretStore -Are you sure you want to erase all secrets in SecretStore and reset configuration settings to default? -[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): Y - - Scope Authentication PasswordTimeout UserInteraction - ----- -------------- --------------- --------------- -CurrentUser Password 900 Prompting - -PS C:\> - - This example resets the SecretStore for the current user, by deleting all secrets and forcing configuration settings to default values. The user is warned of the consequences of this action and prompted to confirm before continuing. - - - - - - - - Set-SecretStoreConfiguration - Set - SecretStoreConfiguration - - Sets SecretStore configuration properties. - - - - This cmdlet takes individual parameter arguments that determine SecretStore configuration. Or the '-Default' parameter can be used to restore SecretStore configuration to default settings. - - - - Set-SecretStoreConfiguration - - Authentication - - Configuration option to set authentication for store access. Configuration options are 'Password' or 'None'. When 'Password' is selected, SecretStore is configured to require a password for accessing secrets. Default authentication is 'Password', as this provides the strongest protection of secret data. - - Authenticate - - Authenticate - - - Password - - - Force - - When true, the user will not be asked to confirm and the SecretStore will be reset without prompting. Default value is false, and user will be asked to confirm the operation. 
- - - SwitchParameter - - - False - - - PasswordTimeout - - Configuration option that provides the session password timeout in seconds. Takes an argument whose value determines the session password timeout in seconds. When the timeout value is reached, the current password value is invalidated for the session. - - Int32 - - Int32 - - - None - - - Scope - - Configuration option that determines SecretStore operation scope. Currently only 'CurrentUser' scope is supported. - - - CurrentUser - AllUsers - - SecureStoreScope - - SecureStoreScope - - - None - - - UserInteraction - - Configuration option to allow or suppress user prompting. Configuration options are 'Prompting' or 'None'. When 'None' is selected, no prompt will be presented in an interactive session to provide a session password. Default value is 'Prompting', and users will be prompted for password when needed. When 'None is selected and a session password is required, a Microsoft.PowerShell.SecretStore.PasswordRequiredException error is thrown. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - - Set-SecretStoreConfiguration - - Default - - This parameter switch sets SecretStore configuration to its default settings. - - - SwitchParameter - - - False - - - Force - - When true, the user will not be asked to confirm and the SecretStore will be reset without prompting. Default value is false, and user will be asked to confirm the operation. - - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. - - - SwitchParameter - - - False - - - - - - Authentication - - Configuration option to set authentication for store access. 
Configuration options are 'Password' or 'None'. When 'Password' is selected, SecretStore is configured to require a password for accessing secrets. Default authentication is 'Password', as this provides the strongest protection of secret data. - - Authenticate - - Authenticate - - - Password - - - Default - - This parameter switch sets SecretStore configuration to its default settings. - - SwitchParameter - - SwitchParameter - - - False - - - Force - - When true, the user will not be asked to confirm and the SecretStore will be reset without prompting. Default value is false, and user will be asked to confirm the operation. - - SwitchParameter - - SwitchParameter - - - False - - - PasswordTimeout - - Configuration option that provides the session password timeout in seconds. Takes an argument whose value determines the session password timeout in seconds. When the timeout value is reached, the current password value is invalidated for the session. - - Int32 - - Int32 - - - None - - - Scope - - Configuration option that determines SecretStore operation scope. Currently only 'CurrentUser' scope is supported. - - SecureStoreScope - - SecureStoreScope - - - None - - - UserInteraction - - Configuration option to allow or suppress user prompting. Configuration options are 'Prompting' or 'None'. When 'None' is selected, no prompt will be presented in an interactive session to provide a session password. Default value is 'Prompting', and users will be prompted for password when needed. When 'None is selected and a session password is required, a Microsoft.PowerShell.SecretStore.PasswordRequiredException error is thrown. - - SwitchParameter - - SwitchParameter - - - False - - - Confirm - - Prompts you for confirmation before running the cmdlet. - - SwitchParameter - - SwitchParameter - - - False - - - WhatIf - - Shows what would happen if the cmdlet runs. The cmdlet is not run. 
- - SwitchParameter - - SwitchParameter - - - False - - - - - - None - - - - - - - - - - Microsoft.PowerShell.SecretStore.SecureStoreConfig - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Set-SecretStoreConfiguration -Default - -Confirm -Are you sure you want to perform this action? -Performing the operation "Changes local store configuration" on target "SecretStore module local store". -[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y - - Scope Authentication PasswordTimeout UserInteraction - ----- -------------- --------------- --------------- -CurrentUser Password 900 Prompting - -PS C:\> - - This example uses the command to restore the SecretStore configuration settings to their default values. - - - - - - - - Set-SecretStorePassword - Set - SecretStorePassword - - Replaces the current SecretStore password with a new one. - - - - This cmdlet updates the password for SecretStore. It takes no parameters and prompts the user for both the old and new passwords. - - - - Set-SecretStorePassword - - - - - - - None - - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Set-SecretStorePassword -Old password -Enter password: -******* -New password -Enter password: -******* -Enter password again for verification: -******* - - This example runs the command with no parameter arguments. The user is first prompted for the old password. And then prompted for the new password twice for verification. - - - - - - - - Unlock-SecretStore - Unlock - SecretStore - - Unlocks SecretStore with the provided password. - - - - This cmdlet unlocks SecretStore for the current user with the provided password. It can be used to unlock SecretStore when the configuration requires a password and the 'DoNotPrompt' option is configured. The provided password will be applied to the current session, and will become invalid after the 'PasswordTimeout' time elapses. 
If no password is provided by parameter argument, the user will be safely prompted for the password. - - - - Unlock-SecretStore - - Password - - This parameter takes the password argument as a plain text string. This is not a secure way to provide a password, and is not recommended in most cases. - - String - - String - - - None - - - PasswordTimeout - - This parameter takes a password timeout argument in seconds, and overrides the configuration password timeout value. The password timeout value remains in effect for the session until changed. - - Int32 - - Int32 - - - None - - - - Unlock-SecretStore - - PasswordTimeout - - This parameter takes a password timeout argument in seconds, and overrides the configuration password timeout value. The password timeout value remains in effect for the session until changed. - - Int32 - - Int32 - - - None - - - SecureStringPassword - - This parameter takes the password argument as a SecureString object. It is the most secure way to provide the password, and is the default parameter set. - - SecureString - - SecureString - - - None - - - - - - Password - - This parameter takes the password argument as a plain text string. This is not a secure way to provide a password, and is not recommended in most cases. - - String - - String - - - None - - - PasswordTimeout - - This parameter takes a password timeout argument in seconds, and overrides the configuration password timeout value. The password timeout value remains in effect for the session until changed. - - Int32 - - Int32 - - - None - - - SecureStringPassword - - This parameter takes the password argument as a SecureString object. It is the most secure way to provide the password, and is the default parameter set. 
- - SecureString - - SecureString - - - None - - - - - - System.Security.SecureString - - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-Secret secret1 -Vault LocalStore -Get-Secret: Unable to get secret secret1 from vault LocalStore - -PS C:\> Unlock-SecretStore - -cmdlet Unlock-SecretStore at command pipeline position 1 -Supply values for the following parameters: -SecureStringPassword: ******* - -PS C:\> Get-Secret secret1 -Vault LocalStore -System.Security.SecureString - - In this example, the SecretManagement 'Get-Secret' command fails to retrieve secret1 because the SecretStore vault is locked. The 'Unlock-SecretStore' command is run to unlock the vault. No password parameter argument was provided to the 'Unlock-SecretStore' command, so the user is prompted for the password. Running 'Get-Secret' again now works and returns the secret as a SecureString object. - - - - - - \ No newline at end of file