
Several of the modules documented on this site can leverage the "Secret Management" module from Microsoft to store and retrieve authentication and configuration information.

Before you can use the secret management module you will need to install it and perform some setup steps which are documented here:

Installing

The secret management module is installed from the PowerShell Gallery (PSGallery) with the following command:

Install-Module -Name 'Microsoft.PowerShell.SecretManagement'

Configuring

Next you need to add a secret management vault. There are a few options available to you here including, but not limited to, the following:

  • Azure Key Vault (provided by the Az.KeyVault module)
  • Keeper Secret Manager (provided by the SecretManagement.Keeper module)
  • KeePass (provided by the SecretManagement.KeePass module)
  • LastPass (provided by the SecretManagement.LastPass module)
  • HashiCorp Vault (provided by the SecretManagement.HashiCorp.Vault.KV module)
  • Bitwarden (provided by the SecretManagement.Bitwarden module)
  • 1Password (provided by the SecretManagement.1Password module)
  • CyberArk (provided by the SecretManagement.CyberArk module)
  • AWS (provided by the SecretManagement.Aws module)
  • macOS Keychain (provided by the SecretManagement.KeyChain module)
  • Windows Credential Manager (provided by the SecretManagement.JustinGrote.CredMan module)

You can look for more modules on the PowerShell Gallery or by running the following command:

Find-Module -Name '*SecretManagement*'

Once you have installed the module for your chosen secret management vault, you need to register it with the secret management module. For example, to register an Azure Key Vault you would run the following command:

$VaultParameters = @{
    SubscriptionId = '00000000-0000-0000-0000-000000000000'
    AzKVVaultName  = 'homotechsual'
}
Register-SecretVault -Name 'AzureKeyVault' -ModuleName 'Az.KeyVault' -VaultParameters $VaultParameters

This registers the Key Vault 'homotechsual' in the subscription '00000000-0000-0000-0000-000000000000' under the vault name 'AzureKeyVault', using the 'Az.KeyVault' module. The parameters required depend on the secret management vault you are using, so refer to the documentation for that vault's module.

You can check what vaults you have registered with the following command:

Get-SecretVault

Make sure you authenticate to your secret management vault before attempting to use it. For example, to authenticate to an Azure Key Vault you would run the following commands:

Connect-AzAccount
Set-AzContext -SubscriptionId '00000000-0000-0000-0000-000000000000'

This will prompt you to authenticate to your Azure subscription and then set the context to the subscription with the ID '00000000-0000-0000-0000-000000000000', which is the subscription we registered our Key Vault with earlier.
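
With the vault registered and authenticated, the following added example (not part of the original documentation) checks the vault, stores a secret and reads it back without exposing it as plain text. It assumes the 'AzureKeyVault' registration shown above; the secret name 'Example-ApiKey' and the user name 'api' are hypothetical.

```powershell
# Added example. Assumes the 'AzureKeyVault' vault registered above and an
# authenticated Az session. 'Example-ApiKey' is a hypothetical secret name.
$VaultName  = 'AzureKeyVault'
$SecretName = 'Example-ApiKey'

# Fail early if the vault is not registered or does not pass its self-test.
if (-not (Get-SecretVault -Name $VaultName -ErrorAction SilentlyContinue)) {
    throw "Vault '$VaultName' is not registered. Run Register-SecretVault first."
}
if (-not (Test-SecretVault -Name $VaultName)) {
    throw "Vault '$VaultName' failed its self-test. Check that you are authenticated."
}

# Prompt for the value so it never appears in the script file or command history.
$Value = Read-Host -Prompt "Value for '$SecretName'" -AsSecureString
Set-Secret -Name $SecretName -Secret $Value -Vault $VaultName

# Get-SecretInfo returns metadata (name, type, vault) only, never the value.
Get-SecretInfo -Name $SecretName -Vault $VaultName

# Get-Secret returns string secrets as a SecureString unless -AsPlainText is
# given. Keep it as a SecureString and hand it to APIs that accept one.
$ApiKey     = Get-Secret -Name $SecretName -Vault $VaultName
$Credential = [pscredential]::new('api', $ApiKey)   # 'api' is a placeholder user name

# Remove the test secret once you have confirmed the round trip works.
Remove-Secret -Name $SecretName -Vault $VaultName
```

Avoid `-AsPlainText` in scripts that run with transcription or verbose logging enabled, since the decrypted value can end up in those logs.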