This is a
SecretManagement
extension for
LastPass.
It leverages the lastpass-cli
to interact with LastPass.
NOTE: This is not a maintained project and it's specifically not maintained by LastPass. I work on it in my free time because I use LastPass personally. The dream is that one day this would move under the LastPass organization.
- PowerShell
- The
lastpass-cli - The SecretManagement PowerShell module
You can get the SecretManagement module from the PowerShell Gallery:
Using PowerShellGet v2:
Install-Module Microsoft.PowerShell.SecretManagement -AllowPrereleaseUsing PowerShellGet v3:
Install-PSResource Microsoft.PowerShell.SecretManagement -PrereleaseYou an install this module from the PowerShell Gallery:
Using PowerShellGet v2:
Install-Module SecretManagement.LastPassUsing PowerShellGet v3:
Install-PSResource SecretManagement.LastPassOnce you have it installed, you need to register the module as an extension:
Register-SecretVault -ModuleName SecretManagement.LastPassOptionally, you can set it as the default vault by also providing the
-DefaultVault
parameter.
At this point,
you should be able to use
Get-Secret, Set-Secret
and all the rest of the
SecretManagement
commands!
The module also have the following vault parameter, that can be provided at registration.
Call lpass CLI through Windows Subsystem for Linux (WSL).
- Working with WSL
# Dedicated function
Register-LastPassVault -Vault 'MyVault' -Wsl
# Using SecretManagement interface
Register-SecretVault -Vault 'MyVault' -ModuleName 'SecretManagement.LastPass' -VaultParameters @{
wsl = $true
}Allow to provide a custom lpass path location for the CLI
- Specifying a path
# Dedicated function
Register-LastPassVault -Vault 'MyVault' -Path "/usr/bin/some path/to/lpass"
# Using SecretManagement interface
Register-SecretVault -Vault 'MyVault' -ModuleName 'SecretManagement.LastPass' -VaultParameters @{
lpassPath = "/usr/bin/some path/to/lpass"
}(Accept: Default,Detailed)
By default, regular credentials are returned as string (for notes) and PSCredential (for credentials) Setting this parameter to Detailed will always return a hashtable. Effectively, this mean that the URL / Notes parameter of the regular credential will be exposed.
Register a SecretVault of type SecretManagement.LastPass
Name of the vault to be registered. If no name is provided, SecretManagement.LastPass will be used.
Call lpass CLI through Windows Subsystem for Linux (WSL).
All records will be returned as hashtable. Notes and regular credentials. In turn, Notes and URL field from the credential will also be returned.
Custom path to the lpass CLI
Unregister a SecretVault of type SecretManagement.LastPass
Name of the vault to be unregistered.
Connect the user to LastPass account.
Name of the vault to connect to.
Username to connect with.
Cause subsquent logins to not require multifactor authentication.
Save the LastPass decryption key on the hard drive so re-entering password once the connection window close is not required anymore. This operation will prompt the user.
Disconnect the user to LastPass account.
Name of the vault to perform the disconnect against.
Forces a synchronization of the local cache with the LastPass servers, and does not exit until the local cache is synchronized or until an error occurs
Name of the vault
Show LastPass GridView secrets then show the selected secret.
Name of the vault used for the lookup
If set, the secret GridView will be automatically reloaded after a secret is shown
If set, Secret will be returned with the title and in a Format-Table -Wrap to show multiline note properly.
This cmdlet can make use of the improved Out-ConsoleGridView cmdlet if using Powershell 6.2 or newer and Microsoft.PowerShell.ConsoleGuiTools is installed. Otherwise, Out-GridView will be used.
Some limitations exist on this module, inherent to the CLI they are based on.
Custom credential types
- Custom notes can be read and edited but attempting to create a new item of a custom type will fail (Open issue from 2016)
- Case-sensiive hashtables will be used if the fetched secret contain multiple time the same key name under different cases (eg: USERNAME,username)