# Secrets Management with PowerShell

You can use the `Microsoft.PowerShell.SecretManagement` module introduced [here](https://devblogs.microsoft.com/powershell/secrets-management-development-release/) to store and retrieve secrets with PowerShell.

## Installation

You install it from the PowerShell Gallery using

In [None]:
Install-Module Microsoft.PowerShell.SecretManagement -AllowPrerelease

You need to use the `-AllowPrerelease` switch at the moment as the module is in preview.

## Local Vault

It comes with a built-in local key vault for you to use. You can see this with `Get-SecretVault`.

In [1]:
Get-SecretVault

Name              ModuleName ImplementingType
----              ---------- ----------------
BuiltInLocalVault

## Adding Secrets

You can add a secret to the vault with `Set-Secret`. It does not give any output.

In [5]:
Set-Secret -Name MyAwesomeSecret -Secret 'BeardsAreAwesome'

If you don't want to have your secret in the code (a recommended practice! Otherwise, why would you need a key vault?), you can prompt for user input with `Read-Host`

In [8]:
$Secret = Read-Host "tell me your secret" -AsSecureString
Set-Secret -Name ASecretFromMe -SecureStringSecret $Secret

or with `Get-Credential`

In [9]:
$Secret = Get-Credential
Set-Secret -Name $Secret.UserName -SecureStringSecret $Secret.Password

PowerShell credential request
Enter your credentials.

## Retrieving Secrets

You can retrieve secrets with `Get-Secret`

In [6]:
Get-Secret -Name MyAwesomeSecret

System.Security.SecureString


This returns a SecureString which you can use in your code.

You can return the value in plain text with the `-AsPlainText` switch. (Please be careful doing this and understand where this may be logged)

In [1]:
Get-Secret -Name ASecretFromMe -AsPlainText


I_got_my_first_tattoo_in_my_30s


You can create PSCredential objects using the secrets

In [14]:
$secretName = 'ASurprisingFact'
$Secret = Get-Secret -Name $secretName
$credential = New-Object System.Management.Automation.PSCredential ($secretName, $secret)
$credential

UserName                            Password
--------                            --------
ASurprisingFact System.Security.SecureString

You can always reveal the password in a PSCredential object with

In [16]:
$credential.GetNetworkCredential().Password

Isaac_Newton_invented_the_cat_door
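
The caution above about `-AsPlainText` applies to notebooks as well, because cell output is saved with the file. The following is an added example, not part of the original notebook or the module: `Use-SecretAsPlainText` is a hypothetical helper name, and it assumes the `MyAwesomeSecret` secret created earlier exists. It keeps the plain text inside a script block and zeroes the unmanaged copy afterwards.

```powershell
# Added example: Use-SecretAsPlainText is a hypothetical helper, not a module cmdlet.
function Use-SecretAsPlainText {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [scriptblock] $ScriptBlock
    )

    # Get-Secret returns a SecureString by default; fail loudly if the secret is missing.
    $secure = Get-Secret -Name $Name -ErrorAction Stop
    if ($secure -isnot [System.Security.SecureString]) {
        throw "Secret '$Name' is a $($secure.GetType().Name), not a SecureString."
    }

    # Decrypt into an unmanaged BSTR so that copy can be wiped deterministically.
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try {
        $plain = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        # The plain text is handed to the caller's script block only.
        & $ScriptBlock $plain
    }
    finally {
        # Overwrite and free the unmanaged copy, even if the script block threw.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        # This only drops the reference; the managed string lives until garbage collection.
        $plain = $null
    }
}

# The script block receives the plain text as its first argument.
# Only what the block returns reaches the output, so return something derived, not the secret.
Use-SecretAsPlainText -Name MyAwesomeSecret -ScriptBlock { param($p) $p.Length }
```

Anything the script block writes to the pipeline still ends up in transcripts and saved cell output, so the block should never emit the secret itself.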


## Updating Secrets

You update secrets using `Set-Secret`

In [20]:
Set-Secret -Name ASurprisingFact -Secret 'A house cat can reach speeds of up to 30mph'

$secretName = 'ASurprisingFact'
$Secret = Get-Secret -Name $secretName
$credential = New-Object System.Management.Automation.PSCredential ($secretName, $secret)
$credential.GetNetworkCredential().Password

A house cat can reach speeds of up to 30mph


## Listing Secrets

You can list the secrets in the vault with `Get-SecretInfo`. You can see the type of each secret and the secrets in the vault that the user has access to.

In [2]:
Get-SecretInfo

Name                    Type VaultName
----                    ---- ---------
ASecretFromMe   SecureString BuiltInLocalVault
ASurpringFact         String BuiltInLocalVault
ASurprisingFact       String BuiltInLocalVault
MyAwesomeSecret       String BuiltInLocalVault

## Removing Secrets

You can remove secrets with `Remove-Secret`. As you can see above, I mistyped when creating this notebook and created a secret called `ASurpringFact`. Let's remove that one. You have to specify the vault name.



In [3]:
Remove-Secret ASurpringFact -Vault BuiltInLocalVault 

When we check, it is gone:

In [4]:
Get-SecretInfo

Name                    Type VaultName
----                    ---- ---------
ASecretFromMe   SecureString BuiltInLocalVault
ASurprisingFact       String BuiltInLocalVault
MyAwesomeSecret       String BuiltInLocalVault
