diff --git a/CHANGELOG.md b/CHANGELOG.md index f1ce5b7..d3729f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,19 @@ # CHANGELOG +## 0.9.2 - 2021-3-15 + +### Fixes + +- Minor changes to help file format. + +### Changes + +- The `-Force` parameter was removed from the `Set-SecretStoreConfiguration` command, and instead the `-Confirm:$false` should be used to suppress PowerShell prompting in automation scripts. + +### New Features + +- `Set-SecretStoreConfiguration` command now takes a `-Password` parameter so that there is not need to prompt for a password (Issue #46). + ## 0.9.1 - 2021-3-1 ### Fixes diff --git a/help/Get-SecretStoreConfiguration.md b/help/Get-SecretStoreConfiguration.md index 679ab3a..fe593b2 100644 --- a/help/Get-SecretStoreConfiguration.md +++ b/help/Get-SecretStoreConfiguration.md @@ -21,17 +21,14 @@ This cmdlet reads the SecretStore configuration file and writes configuration in Configuration information includes: - Scope - - Authentication - - PasswordTimeout (in seconds) - - Interaction ## EXAMPLES ### Example 1 -```powershell +``` PS C:\> Get-SecretStoreConfiguration Scope Authentication PasswordTimeout Interaction 
@@ -39,11 +36,10 @@ PS C:\> Get-SecretStoreConfiguration CurrentUser Password 900 Prompt ``` -This example runs the command from a command shell prompt and displays four SecretStore configuration properties: -Scope : 'CurrentUser'. -Authentication : A password is required to access the SecretStore. -PasswordTimeout : The session password timeout time is 15 minutes. -Interaction : The user will be prompted for a password if the command is run in an interactive session. +This example runs the command from a command shell prompt and displays four SecretStore configuration properties: Scope : 'CurrentUser'. +Authentication : A password is required to access the SecretStore. +PasswordTimeout : The session password timeout time is 15 minutes. +Interaction : The user will be prompted for a password if the command is run in an interactive session. ## PARAMETERS @@ -53,13 +49,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### Microsoft.PowerShell.SecretStore.SecureStoreConfig - ## NOTES - -'AllUsers' scope is currently not supported. Configuration scope is always 'CurrentUser'. +'AllUsers' scope is currently not supported. +Configuration scope is always 'CurrentUser'. ## RELATED LINKS diff --git a/help/Reset-SecretStore.md b/help/Reset-SecretStore.md index fba7d8d..7672d0c 100644 --- a/help/Reset-SecretStore.md +++ b/help/Reset-SecretStore.md 
@@ -13,19 +13,20 @@ Resets the SecretStore by deleting all secret data and configuring the store wit ## SYNTAX ``` -Reset-SecretStore [-Scope ] [-Authentication ] [-PasswordTimeout ] - [-Interaction ] [-Force] [-WhatIf] [-Confirm] [] +Reset-SecretStore [-Scope ] [-Authentication ] [-Password ] + [-PasswordTimeout ] [-Interaction ] [-PassThru] [-Force] [-WhatIf] [-Confirm] + [] ``` ## DESCRIPTION This cmdlet completely resets the SecretStore by deleting all secret data it may contain, and resetting configuration options to their default values. -It is intended to be used only if a required password is lost, or data files become corrupted so that SecretStore no longer functions and secret data cannot be accessed. +It is intended to be used only if a required password is lost, or data files become corrupted so that SecretStore no longer functions and secret data cannot be accessed. Default configuration options can be overridden by specifying individual command configuration option parameters. ## EXAMPLES ### Example 1 -```powershell +``` PS C:\> Reset-SecretStore -PassThru WARNING: !!This operation will completely remove all SecretStore module secrets and reset configuration settings to default values!! @@ -93,7 +94,7 @@ Aliases: Required: False Position: Named -Default value: +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` @@ -203,11 +204,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### Microsoft.PowerShell.SecretStore.SecureStoreConfig - ## NOTES ## RELATED LINKS diff --git a/help/Set-SecretStoreConfiguration.md b/help/Set-SecretStoreConfiguration.md index 427142c..73197e5 100644 --- a/help/Set-SecretStoreConfiguration.md +++ b/help/Set-SecretStoreConfiguration.md 
@@ -15,12 +15,14 @@ Sets SecretStore configuration properties. ### ParameterSet (Default) ``` Set-SecretStoreConfiguration [-Scope ] [-Authentication ] - [-PasswordTimeout ] [-Interaction ] [-Force] [-WhatIf] [-Confirm] [] + [-PasswordTimeout ] [-Interaction ] [-Password ] [-PassThru] [-WhatIf] + [-Confirm] [] ``` ### DefaultParameterSet ``` -Set-SecretStoreConfiguration [-Default] [-Force] [-WhatIf] [-Confirm] [] +Set-SecretStoreConfiguration [-Default] [-Password ] [-PassThru] [-WhatIf] [-Confirm] + [] ``` ## DESCRIPTION @@ -30,7 +32,7 @@ Or the '-Default' parameter can be used to restore SecretStore configuration to ## EXAMPLES ### Example 1 -```powershell +``` PS C:\> Set-SecretStoreConfiguration -Default Confirm 
@@ -45,6 +47,46 @@ CurrentUser Password 900 Prompt This example uses the command to restore the SecretStore configuration settings to their default values. +### Example 2 +``` +Install-Module -Name Microsoft.PowerShell.SecretStore -Repository PSGallery -Force +$password = Import-CliXml -Path $securePasswordPath.xml +Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password -PasswordTimeout 3600 -Interaction None -Password $password -Confirm:$false + +Install-Module -Name Microsoft.PowerShell.SecretManagement -Repository PSGallery -Force +Register-SecretVault -Name SecretStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault + +Unlock-SecretStore -Password $password +``` + +This is an example of automation script that installs and configures the Microsoft.PowerShell.SecretStore module without user prompting. +The configuration requires a password and sets user interaction to None, so that SecretStore will never prompt the user. +The configuration also requires a password, and the password is passed in as a SecureString object. +The \`-Confirm:false\` parameter is used so that PowerShell will not prompt for confirmation. + +Next, the SecretManagement module is installed and the SecretStore module registered so that the SecretStore secrets can be managed. + +The \`Unlock-SecretStore\` cmdlet is used to unlock the SecretStore for this session. +The password timeout was configured for 1 hour and SecretStore will remain unlocked in the session for that amount of time, after which it will need to be unlocked again before secrets can be accessed. 
+ +### Example 3 +``` +PS C:\> Get-SecretStoreConfiguration + + Scope Authentication PasswordTimeout Interaction + ----- -------------- --------------- ----------- +CurrentUser Password 900 None + +PS C:\> Set-SecretStoreConfiguration -Authentication Password -Password $password +Set-SecretStoreConfiguration: The Microsoft.PowerShell.SecretStore is already configured to require a password, and a new password cannot be added. +Use the Set-SecretStorePassword cmdlet to change an existing password. +``` + +This example attempts to set the SecretStore configuration to require a password and provides a new password. +But this results in an error. +This command cannot be used to change an existing password but only to toggle authentication to require or not require a password. +To change an existing SecretStore password, use the \`Set-SecretStorePassword\` command. + ## PARAMETERS ### -Authentication @@ -80,9 +122,8 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Force -When used, the user will not be asked to confirm and the SecretStore will be reset without prompting. -Default value is false, and user will be asked to confirm the operation. +### -PassThru +When used, will write the current SecretStore configuration to the pipeline. ```yaml Type: SwitchParameter 
@@ -96,17 +137,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -PassThru -When used, will write the current SecretStore configuration to the pipeline. +### -Password +Password to be applied when changing the authentication configuration. +When changing the configuration from no password required to password required, the provided password will be set as the new store password. +When changing the configuration from password required to no password required, the provided password will be used to authorize the configuration change, and must be the current password used to unlock the store. +This command cannot be used to change the store password. +To change an existing password, use the \`Set-SecretStorePassword\` command. ```yaml -Type: SwitchParameter +Type: SecureString Parameter Sets: (All) Aliases: Required: False Position: Named -Default value: False +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` @@ -201,11 +246,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### Microsoft.PowerShell.SecretStore.SecureStoreConfig - ## NOTES ## RELATED LINKS diff --git a/help/Set-SecretStorePassword.md b/help/Set-SecretStorePassword.md index 7737414..b88f5f1 100644 --- a/help/Set-SecretStorePassword.md +++ b/help/Set-SecretStorePassword.md @@ -12,10 +12,16 @@ Replaces the current SecretStore password with a new one. ## SYNTAX +### NoParameterSet (Default) ``` Set-SecretStorePassword [] ``` +### ParameterSet +``` +Set-SecretStorePassword -NewPassword [-Password ] [] +``` + ## DESCRIPTION This cmdlet updates the password for SecretStore. It takes no parameters and prompts the user for both the old and new passwords. @@ -23,7 +29,7 @@ It takes no parameters and prompts the user for both the old and new passwords. ## EXAMPLES ### Example 1 -```powershell +``` PS C:\> Set-SecretStorePassword Old password Enter password: 
@@ -40,12 +46,11 @@ The user is first prompted for the old password. And then prompted for the new password twice for verification. ### Example 2 -```powershell +``` PS C:\> Set-SecretStorePassword -NewPassword $newPassword -Password $oldPassword ``` -This example runs the command passing in both the current store password and the new -password to be set. +This example runs the command passing in both the current store password and the new password to be set. ## PARAMETERS @@ -59,8 +64,8 @@ Aliases: Required: True Position: Named -Default value: -Accept pipeline input: True +Default value: None +Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` @@ -75,7 +80,7 @@ Aliases: Required: False Position: Named -Default value: +Default value: None Accept pipeline input: False Accept wildcard characters: False ``` @@ -86,7 +91,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ## NOTES diff --git a/help/Unlock-SecretStore.md b/help/Unlock-SecretStore.md index 4e1662a..aaa265c 100644 --- a/help/Unlock-SecretStore.md +++ b/help/Unlock-SecretStore.md @@ -25,7 +25,7 @@ If no password is provided by parameter argument, the user will be safely prompt ## EXAMPLES ### Example 1 -```powershell +``` PS C:\> Get-Secret secret1 -Vault LocalStore Get-Secret: A valid password is required to access the Microsoft.PowerShell.SecretStore vault. Get-Secret: The secret secret1 was not found. @@ -84,7 +84,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.Security.SecureString - ## OUTPUTS ## NOTES diff --git a/help/en-US/Microsoft.PowerShell.SecretStore.dll-Help.xml b/help/en-US/Microsoft.PowerShell.SecretStore.dll-Help.xml index bc751ad..31b0a34 100644 --- a/help/en-US/Microsoft.PowerShell.SecretStore.dll-Help.xml +++ b/help/en-US/Microsoft.PowerShell.SecretStore.dll-Help.xml 
@@ -56,12 +56,7 @@ ----- -------------- --------------- ----------- CurrentUser Password 900 Prompt - This example runs the command from a command shell prompt and displays four SecretStore configuration properties: -Scope : 'CurrentUser'. -Authentication : A password is required to access the SecretStore. -PasswordTimeout : The session password timeout time is 15 minutes. -Interaction : The user will be prompted for a password if the command is run in an interactive session. - + This example runs the command from a command shell prompt and displays four SecretStore configuration properties: Scope : 'CurrentUser'. Authentication : A password is required to access the SecretStore. PasswordTimeout : The session password timeout time is 15 minutes. Interaction : The user will be prompted for a password if the command is run in an interactive session. @@ -77,8 +72,7 @@ Interaction : The user will be prompted for a password if the command is run in - This cmdlet completely resets the SecretStore by deleting all secret data it may contain, and resetting configuration options to their default values. It is intended to be used only if a required password is lost, or data files become corrupted so that SecretStore no longer functions and secret data cannot be accessed. -Default configuration options can be overridden by specifying individual command configuration option parameters. + This cmdlet completely resets the SecretStore by deleting all secret data it may contain, and resetting configuration options to their default values. It is intended to be used only if a required password is lost, or data files become corrupted so that SecretStore no longer functions and secret data cannot be accessed. Default configuration options can be overridden by specifying individual command configuration option parameters. 
@@ -381,9 +375,9 @@ CurrentUser Password 900 Prompt Password - Force + PassThru - When used, the user will not be asked to confirm and the SecretStore will be reset without prompting. Default value is false, and user will be asked to confirm the operation. + When used, will write the current SecretStore configuration to the pipeline. SwitchParameter @@ -392,15 +386,16 @@ CurrentUser Password 900 Prompt False - PassThru + Password - When used, will write the current SecretStore configuration to the pipeline. + Password to be applied when changing the authentication configuration. When changing the configuration from no password required to password required, the provided password will be set as the new store password. When changing the configuration from password required to no password required, the provided password will be used to authorize the configuration change, and must be the current password used to unlock the store. This command cannot be used to change the store password. To change an existing password, use the `Set-SecretStorePassword` command. + SecureString - SwitchParameter + SecureString - False + None PasswordTimeout @@ -479,9 +474,9 @@ CurrentUser Password 900 Prompt False - Force + PassThru - When used, the user will not be asked to confirm and the SecretStore will be reset without prompting. Default value is false, and user will be asked to confirm the operation. + When used, will write the current SecretStore configuration to the pipeline. SwitchParameter 
@@ -490,15 +485,16 @@ CurrentUser Password 900 Prompt False - PassThru + Password - When used, will write the current SecretStore configuration to the pipeline. + Password to be applied when changing the authentication configuration. When changing the configuration from no password required to password required, the provided password will be set as the new store password. When changing the configuration from password required to no password required, the provided password will be used to authorize the configuration change, and must be the current password used to unlock the store. This command cannot be used to change the store password. To change an existing password, use the `Set-SecretStorePassword` command. + SecureString - SwitchParameter + SecureString - False + None Confirm @@ -550,9 +546,9 @@ CurrentUser Password 900 Prompt False - Force + PassThru - When used, the user will not be asked to confirm and the SecretStore will be reset without prompting. Default value is false, and user will be asked to confirm the operation. + When used, will write the current SecretStore configuration to the pipeline. SwitchParameter @@ -562,16 +558,16 @@ CurrentUser Password 900 Prompt False - PassThru + Password - When used, will write the current SecretStore configuration to the pipeline. + Password to be applied when changing the authentication configuration. When changing the configuration from no password required to password required, the provided password will be set as the new store password. When changing the configuration from password required to no password required, the provided password will be used to authorize the configuration change, and must be the current password used to unlock the store. This command cannot be used to change the store password. To change an existing password, use the `Set-SecretStorePassword` command. - SwitchParameter + SecureString - SwitchParameter + SecureString - False + None PasswordTimeout 
@@ -676,6 +672,37 @@ CurrentUser Password 900 Prompt This example uses the command to restore the SecretStore configuration settings to their default values. + + -------------------------- Example 2 -------------------------- + Install-Module -Name Microsoft.PowerShell.SecretStore -Repository PSGallery -Force +$password = Import-CliXml -Path $securePasswordPath.xml +Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password -PasswordTimeout 3600 -Interaction None -Password $password -Confirm:$false + +Install-Module -Name Microsoft.PowerShell.SecretManagement -Repository PSGallery -Force +Register-SecretVault -Name SecretStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault + +Unlock-SecretStore -Password $password + + This is an example of automation script that installs and configures the Microsoft.PowerShell.SecretStore module without user prompting. The configuration requires a password and sets user interaction to None, so that SecretStore will never prompt the user. The configuration also requires a password, and the password is passed in as a SecureString object. The `-Confirm:false` parameter is used so that PowerShell will not prompt for confirmation. + Next, the SecretManagement module is installed and the SecretStore module registered so that the SecretStore secrets can be managed. + The `Unlock-SecretStore` cmdlet is used to unlock the SecretStore for this session. The password timeout was configured for 1 hour and SecretStore will remain unlocked in the session for that amount of time, after which it will need to be unlocked again before secrets can be accessed. 
+ + + + -------------------------- Example 3 -------------------------- + PS C:\> Get-SecretStoreConfiguration + + Scope Authentication PasswordTimeout Interaction + ----- -------------- --------------- ----------- +CurrentUser Password 900 None + +PS C:\> Set-SecretStoreConfiguration -Authentication Password -Password $password +Set-SecretStoreConfiguration: The Microsoft.PowerShell.SecretStore is already configured to require a password, and a new password cannot be added. +Use the Set-SecretStorePassword cmdlet to change an existing password. + + This example attempts to set the SecretStore configuration to require a password and provides a new password. But this results in an error. This command cannot be used to change an existing password but only to toggle authentication to require or not require a password. To change an existing SecretStore password, use the `Set-SecretStorePassword` command. + + @@ -694,7 +721,7 @@ CurrentUser Password 900 Prompt Set-SecretStorePassword - + NewPassword New password to be applied to the store. @@ -721,7 +748,7 @@ CurrentUser Password 900 Prompt - + NewPassword New password to be applied to the store. diff --git a/src/Microsoft.PowerShell.SecretStore.psd1 b/src/Microsoft.PowerShell.SecretStore.psd1 index d2c03dc..f37d40e 100644 --- a/src/Microsoft.PowerShell.SecretStore.psd1 +++ b/src/Microsoft.PowerShell.SecretStore.psd1 @@ -11,7 +11,7 @@ NestedModules = @('.\Microsoft.PowerShell.SecretStore.Extension') RequiredModules = @('Microsoft.PowerShell.SecretManagement') # Version number of this module. -ModuleVersion = '0.9.1' +ModuleVersion = '0.9.2' # Supported PSEditions CompatiblePSEditions = @('Core') 
@@ -56,7 +56,7 @@ PrivateData = @{ Tags = @('SecretManagement') # A URL to the license for this module. - LicenseUri = 'https://github.com/PowerShell/Modules/License.txt' + LicenseUri = 'https://github.com/PowerShell/SecretStore/blob/master/LICENSE' # A URL to the main website for this project. ProjectUri = 'https://github.com/powershell/secretstore' diff --git a/src/code/Microsoft.PowerShell.SecretStore.csproj b/src/code/Microsoft.PowerShell.SecretStore.csproj index 3b1efbc..0ab40e8 100644 --- a/src/code/Microsoft.PowerShell.SecretStore.csproj +++ b/src/code/Microsoft.PowerShell.SecretStore.csproj @@ -5,9 +5,9 @@ Library Microsoft.PowerShell.SecretStore Microsoft.PowerShell.SecretStore - 0.9.1.0 - 0.9.1 - 0.9.1 + 0.9.2.0 + 0.9.2 + 0.9.2 net461 diff --git a/src/code/SecretStore.cs b/src/code/SecretStore.cs index 95cfd3b..1eacf06 100644 --- a/src/code/SecretStore.cs +++ b/src/code/SecretStore.cs @@ -169,10 +169,10 @@ public sealed class SetSecretStoreConfiguration : PSCmdlet public SwitchParameter Default { get; set; } [Parameter] - public SwitchParameter PassThru { get; set; } + public SecureString Password { get; set; } [Parameter] - public SwitchParameter Force { get; set; } + public SwitchParameter PassThru { get; set; } #endregion 
@@ -203,14 +203,30 @@ protected override void EndProcessing() this)); } - if (!Force && !ShouldProcess( + var password = Utils.CheckPassword(Password); + var passwordRequired = LocalSecretStore.PasswordRequired; + if (passwordRequired == SecureStoreFile.PasswordConfiguration.Required && + Authentication == Authenticate.Password && + password != null) + { + ThrowTerminatingError( + new ErrorRecord( + exception: new PSNotSupportedException("The Microsoft.PowerShell.SecretStore is already configured to require a password, and a new password cannot be added.\nUse the Set-SecretStorePassword cmdlet to change an existing password."), + errorId: "SecretStoreInvalidConfiguration", + errorCategory: ErrorCategory.NotEnabled, + this)); + } + + if (!ShouldProcess( target: "SecretStore module local store", action: "Changes local store configuration")) { return; } - var oldConfigData = LocalSecretStore.GetInstance(cmdlet: this).Configuration; + var oldConfigData = LocalSecretStore.GetInstance( + password: passwordRequired == SecureStoreFile.PasswordConfiguration.NotRequired ? null : password, + cmdlet: this).Configuration; SecureStoreConfig newConfigData; if (ParameterSetName == ParameterSet) { @@ -227,6 +243,7 @@ protected override void EndProcessing() if (!LocalSecretStore.GetInstance(cmdlet: this).UpdateConfiguration( newConfigData: newConfigData, + password: password, cmdlet: this, out string errorMsg)) { diff --git a/src/code/Utils.cs b/src/code/Utils.cs index 69c1bcb..1c50f9f 100644 --- a/src/code/Utils.cs +++ b/src/code/Utils.cs @@ -27,7 +27,7 @@ internal static class Utils { #region Members - internal const string PasswordRequiredMessage = "A valid password is required to access the Microsoft.PowerShell.SecretStore vault."; + internal const string PasswordRequiredMessage = "A valid password is required to access the Microsoft.PowerShell.SecretStore vault.\nUse the Unlock-SecretStore cmdlet to provide the required password to access the store."; #endregion 
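Review bot: The new guard ahead of `ShouldProcess` tests `Authentication == Authenticate.Password` without checking that the caller actually bound `-Authentication`, so its outcome depends on that property's default, which is declared outside this hunk. If the default is `Password`, a call that only supplies the current password to open a protected store, for example `-PasswordTimeout 3600 -Password $current` or `-Default -Password $current`, would be rejected with `SecretStoreInvalidConfiguration`. Consider narrowing the condition with `MyInvocation.BoundParameters.ContainsKey(nameof(Authentication))`, or add a comment on the guard stating that this rejection is intended even when `-Authentication` was not passed. `EndProcessing` starts and ends outside the hunk.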
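Review bot: The `UpdateConfiguration` call in this hunk looks the store up again with `LocalSecretStore.GetInstance(cmdlet: this)`, without the password that the earlier lookup for `oldConfigData` now passes. That appears to rely on `GetInstance` handing back the instance opened a few lines earlier; if it does not (its body is not visible here), the second lookup could prompt, or fail when Interaction is None. Keeping the first result in a local (`var store = LocalSecretStore.GetInstance(...)` with the same arguments) and calling `store.UpdateConfiguration(...)` on it would remove that dependency. The method continues outside the hunk.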
@@ -624,7 +624,7 @@ public SecureStoreConfig( #endregion - # region Public methods + #region Public methods public string ConvertToJson() { @@ -1394,6 +1394,7 @@ public bool DeleteBlob( public bool UpdateConfigData( SecureStoreConfig newConfigData, + SecureString password, PSCmdlet cmdlet, out string errorMsg) { @@ -1417,6 +1418,10 @@ public bool UpdateConfigData( } // If password requirement changed, then change password encryption as needed. + // The user will be prompted for password information only if needed. + // Password configuration change can be: + // 1. Password was not required before but now is (new password needed). + // 2. Password was required before but now is not (old password needed for change). if (oldConfigData.PasswordRequired != newConfigData.PasswordRequired) { bool success; @@ -1424,11 +1429,12 @@ public bool UpdateConfigData( { SecureString oldPassword; SecureString newPassword; + if (newConfigData.PasswordRequired) { - // Prompt for new password + // If a new password is now required and none provided, then prompt for it. oldPassword = null; - newPassword = Utils.PromptForPassword( + newPassword = password ?? Utils.PromptForPassword( cmdlet: cmdlet, verifyPassword: true, message: "A password is now required for the local store configuration.\nTo complete the change please provide new password."); @@ -1440,9 +1446,10 @@ public bool UpdateConfigData( } else { - // Prompt for old password + // Password is no longer required, but old password is needed to make the change. + // If it was not provided, then prompt for it. newPassword = null; - oldPassword = Utils.PromptForPassword( + oldPassword = password ?? Utils.PromptForPassword( cmdlet: cmdlet, verifyPassword: false, message: "A password is no longer required for the local store configuration.\nTo complete the change please provide the current password."); 
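Review bot: With `newPassword = password ?? Utils.PromptForPassword(...)` in the `@@ -1424 @@` hunk and `oldPassword = password ?? Utils.PromptForPassword(...)` in the `@@ -1440 @@` hunk, these locals can now alias the caller's `SecureString` instead of one this method created. If the code after the branches disposes or clears `oldPassword`/`newPassword` (not visible in the hunk), it would also wipe the script's `$password`, which Example 2 in the help reuses for `Unlock-SecretStore`. Worth confirming, and a short comment such as `// password is caller-owned; do not Dispose() it here` would record the ownership rule. `UpdateConfigData` starts and ends outside the hunk.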
@@ -1923,6 +1930,17 @@ public static void ClearConfigUpdateEventList() #endregion + #region Enums + + public enum PasswordConfiguration + { + NoFileDefaultRequired = 0, + Required = 1, + NotRequired = 2 + } + + #endregion + #region Properties public static DateTime LastConfigWriteTime @@ -1964,6 +1982,23 @@ public static bool ConfigAllowsPrompting } } + public static PasswordConfiguration ConfigRequiresPassword + { + get + { + // Try to read the local store configuration file. + if (ReadConfigFile( + configData: out SecureStoreConfig configData, + out string _)) + { + return (configData.Authentication == Authenticate.Password) ? PasswordConfiguration.Required : PasswordConfiguration.NotRequired; + } + + // Password is required by default. + return PasswordConfiguration.NoFileDefaultRequired; + } + } + #endregion #region Public methods @@ -2201,7 +2236,7 @@ public static bool ReadFile( hash: hash, dataToValidate: fileDataBlob)) { - errorMsg = "Store file integrity check failed."; + errorMsg = "Store file integrity check failed.\nThe provided password may be invalid, or store files have become corrupted or have been tampered with."; return false; } @@ -2843,6 +2878,11 @@ public static bool AllowPrompting get => SecureStoreFile.ConfigAllowsPrompting; } + internal static SecureStoreFile.PasswordConfiguration PasswordRequired + { + get => SecureStoreFile.ConfigRequiresPassword; + } + #endregion #region Constructor @@ -3190,11 +3230,13 @@ internal void UpdatePassword( internal bool UpdateConfiguration( SecureStoreConfig newConfigData, + SecureString password, PSCmdlet cmdlet, out string errorMsg) { return _secureStore.UpdateConfigData( newConfigData, + password, cmdlet, out errorMsg); } diff --git a/test/Microsoft.PowerShell.SecretStore.Tests.ps1 b/test/Microsoft.PowerShell.SecretStore.Tests.ps1 index c69a567..b9e957d 100644 --- a/test/Microsoft.PowerShell.SecretStore.Tests.ps1 +++ b/test/Microsoft.PowerShell.SecretStore.Tests.ps1 
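Review bot: `ConfigRequiresPassword` discards the reason `ReadConfigFile` failed (`out string _`) and reports every failure as `NoFileDefaultRequired`, although that name only describes a missing file. If `ReadConfigFile` can also fail on an unreadable or malformed file (its body is outside the hunk), callers such as the new guard in `Set-SecretStoreConfiguration`, which only tests for `Required`, would treat a damaged configuration like a first-time setup. At minimum document this on the enum member added in the `@@ -1923 @@` hunk, e.g. `/// Configuration could not be read (file missing or unreadable); a password is required by default.`, or return a distinct value for read errors.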
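Review bot: `LocalSecretStore.PasswordRequired` in the `@@ -2843 @@` hunk returns the three-state `SecureStoreFile.PasswordConfiguration`, while `SecureStoreConfig.PasswordRequired` is used as a bool elsewhere in this commit (`if (newConfigData.PasswordRequired)`). Two members with the same name and different types invite a mistaken comparison at a call site. Naming this one after what it returns, for example `PasswordConfiguration`, or mirroring the `ConfigRequiresPassword` name it wraps, would keep the two apart.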
@@ -42,7 +42,7 @@ Describe "Test Microsoft.PowerShell.SecretStore module" -tags CI { # This deletes all SecretStore data!! Write-Warning "!!! These tests will remove all secrets in the store for the current user !!!" Reset-SecretStore -Scope CurrentUser -Authentication None -PasswordTimeout -1 -Interaction None -Force - $null = Set-SecretStoreConfiguration -Scope CurrentUser -Authentication None -PasswordTimeout -1 -Interaction None -Force + $null = Set-SecretStoreConfiguration -Scope CurrentUser -Authentication None -PasswordTimeout -1 -Interaction None -Confirm:$false } Context "SecretStore file permission tests" {
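Review bot: The only change shown for this test file swaps `-Force` for `-Confirm:$false` in the setup call; nothing visible here exercises the new `-Password` parameter or the new `SecretStoreInvalidConfiguration` error. Both sit on the path that decides whether a store password is set or removed, so a regression there would go unnoticed. Consider adding cases that enable password authentication with `-Password` and `-Interaction None`, that disable it by passing the current password, and that assert the terminating error when a password is supplied to an already protected store. The `Describe` block continues outside the hunk.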