Justin Grote

Not sure what you mean, all keys are securestrings, and base64 is a string, so you can just save it in its base64 format with set-secret and then retrieve it...

As long as there's still pursuit of breaking out all the subsystems and having a "slim" powershell option, I'm fine with a "batteries included" version that includes SecretManagement, it follows...

> @JustinGrote there is under [this issue](https://github.com/PowerShell/PowerShell/issues/5681) which is still in the consider bucket There's lots of subsystems (remoting, etc.) that can be stripped out too and is a work...

I like idea 2 a lot, but the tricky thing in implementation will be tying the engine to a packagemanagement system and how that would work.

I 100% agree with the vision being PowerShell being a lean core runtime with a lot of the existing subsystems broken out into modules, but this will require package management...

A thought, and I may have missed this, but couldn't you still keep the encryption key in the Windows Credential store and continue a "promptless" method of access on Windows?

@PaulHigin I was thinking more that whatever the xplat store becomes, I assume it's going to be effectively like KeePass and you'll have a passphrase to unlock the encryption. What...

@PaulHigin there is one *massive* difference. With the file system permissions method the key is still not encrypted-at-rest, which a lot of compliance (HIPAA ,etc.) will not accept. Keeping the...

@PaulHigin 5.1.1, I'll try to collect more detail I just wanted to get this info out there when I ran into it, since you weren't able to reproduce it may...

> I'm unsure how to get `Publish-PSResource` to function against a Sleet Repository since `Publish-PSResource` expects credentials or an apikey. Would I be using the accesskey from the Blob Container?...