PowerShell Secrets Management is released, and it’s off to a very good start, but there are some things you might want to watch out for.
The first one got me almost immediately – right after installing both modules and creating my first store. I tried to create a new secret, and was prompted for a password. It manifested in 2 different ways:
“Exception Calling Prompt Unlock Vault” was the first, and occurred when trying to perform pretty much any cmdlet associated with a store. Deleting and recreating the store made no difference.
The second issue was an exception claiming a null value was passed as a password, when it clearly wasn’t the case:
"Cannot convert null to 'Microsoft.PowerShell.SecretStore.Authenticate' because it is a non-nullable value type"
There is good news, though – both issues can be solved with a simple Reset-SecretStore.
The next is an odd one – the scope for vaults is limited to the current user. You can’t add a vault with AllUsers, for example:
PS C:\blog (8:10:28 PM) > Set-SecretStoreConfiguration -Scope AllUsers
Set-SecretStoreConfiguration: AllUsers scope is not yet supported.
So this means that you can’t create a store with your normal account, and access it with a service account or admin account. The only two currently allowed values are “CurrentUser” and “AllUsers”, but the cmdlet fails with the above error if you try AllUsers. This could potentially be a deal breaker for some, but the error message hints that support might be coming in the future.
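Until AllUsers works, each account that needs secrets has to build its own store from its own session. The sketch below is an added example, not code from the original post: it sets up a store for unattended use under a service account, and the vault name, password file path and secret name are assumptions chosen for illustration.

```powershell
# Added example. Run this in a session started AS the service account:
# the SecretStore is per-user, so a store created under your own login
# is not visible to it. All names and paths below are placeholders.

$vaultName = 'SvcVault'                                    # hypothetical
$pwFile    = Join-Path $env:USERPROFILE 'svcvault.pw.xml'  # hypothetical

# One-time, interactive: save the store password as a SecureString.
# On Windows, Export-Clixml protects it with DPAPI, so only this user
# on this machine can read it back.
if (-not (Test-Path $pwFile)) {
    Read-Host -Prompt 'New store password' -AsSecureString |
        Export-Clixml -Path $pwFile
}
$storePw = Import-Clixml -Path $pwFile

# One-time: register the vault and configure the store behind it.
if (-not (Get-SecretVault -Name $vaultName -ErrorAction SilentlyContinue)) {
    Register-SecretVault -Name $vaultName `
        -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault

    # CurrentUser is the only scope that works today. Interaction None
    # makes a locked store throw instead of prompting, which is what an
    # unattended job needs.
    Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password `
        -PasswordTimeout 900 -Interaction None -Password $storePw -Confirm:$false
}

# Every run: unlock with the saved password, then use the vault.
Unlock-SecretStore -Password $storePw
Set-Secret -Name 'DemoApiKey' -Secret 'constructed-sample-value' -Vault $vaultName
(Get-SecretInfo -Vault $vaultName).Name
```

Anything written to this store stays readable only from the service account's sessions; your own account still sees only its own store.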
So that’s it! A quick one this time, but I hope it helps save you a few minutes of frustration.