SecretManagement
SecretManagement copied to clipboard
Published
20 hours ago •
PowerShell
PowerShell
Set-Secret asks for password to unlock vault that has already been unlocked with Unlock-SecretStore
Prerequisites
- [X] Write a descriptive title.
- [X] Make sure you are able to repro it on the latest released version
- [X] Search the existing issues.
Steps to reproduce
Here is a script:
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
$InformationPreference = 'Continue'
# Install necessary modules from powershell gallery
Write-Host "Installing dependencies..."
Install-Module Microsoft.PowerShell.PSResourceGet -Force
Install-Module PowerShellGet -Force
Install-PSResource Microsoft.PowerShell.SecretManagement -TrustRepository
Install-PSResource Microsoft.PowerShell.SecretStore -TrustRepository
Import-Module Microsoft.PowerShell.SecretStore -Force
# Create the default secret vault
$SecretVaultName = 'PowerShellModulesSecretVault'
$defaultVault = Get-SecretVault | Where-Object { $_.IsDefault }
if (!$defaultVault) {
$secretVaultPassword = Read-Host "Enter your new PowerShell SecretStore password" -AsSecureString
Register-SecretVault -Name $SecretVaultName -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password -Confirm:$false -Password $secretVaultPassword
Unlock-SecretStore -Password $secretVaultPassword -Verbose
} else {
$SecretVaultName = $defaultVault.Name
Unlock-SecretStore
}
$PowerShellModulesRepository = "https://CompanyName.pkgs.visualstudio.com/_packaging/CompanyNamePowerShell/nuget/v3/index.json"
# Put the PAT in as a secret with a known name
$SecretName = 'PowerShellModulesRepositoryPAT'
$PowerShellModulesRepositoryPATSecureString = Read-Host -Prompt "Enter your Azure DevOps Artifacts Personal Access Token (PAT). To obtain a new token, navigate to https://CompanyName.visualstudio.com/_usersSettings/tokens and create a new token that has the 'read artifacts' scope" -AsSecureString
$PowerShellModulesRepositoryPATSecureStringSecret = [System.Management.Automation.PSCredential]::new($SecretName, $PowerShellModulesRepositoryPATSecureString)
Set-Secret -Vault $SecretVaultName -Name $SecretName -Secret $PowerShellModulesRepositoryPATSecureStringSecret
# Register the resource repository, telling it which vault and the name of the secret it should use
$RepositoryName = 'PowerShellModulesRepository'
$credentialInfo = [Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo]::new($SecretVaultName, $SecretName);
Register-PSResourceRepository -Name $RepositoryName -Uri $PowerShellModulesRepository -CredentialInfo $credentialInfo -Trusted -Priority 40 -Force
Get-PSResourceRepository
Expected behavior
When `Set-Secret` runs, no password should be requested.
Actual behavior
`Set-Secret` requests the user enter the password again.
Here is the full output:
PS C:\Users\Teatowel> Set-StrictMode -Version Latest
PS C:\Users\Teatowel> $ErrorActionPreference = 'Stop'
PS C:\Users\Teatowel> $InformationPreference = 'Continue'
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> # Install necessary modules from powershell gallery
PS C:\Users\Teatowel> Write-Host "Installing dependencies..."
Installing dependencies...
PS C:\Users\Teatowel> Install-Module Microsoft.PowerShell.PSResourceGet -Force
WARNING: The version '1.0.2' of module 'Microsoft.PowerShell.PSResourceGet' is currently in use. Retry the operation after closing the applications.
PS C:\Users\Teatowel> Install-Module PowerShellGet -Force
WARNING: The version '1.4.8.1' of module 'PackageManagement' is currently in use. Retry the operation after closing the applications.
WARNING: The version '2.2.5' of module 'PowerShellGet' is currently in use. Retry the operation after closing the applications.
PS C:\Users\Teatowel> Install-PSResource Microsoft.PowerShell.SecretManagement -TrustRepository
WARNING: Resource 'Microsoft.PowerShell.SecretManagement' with version '1.1.2' is already installed. If you would like to reinstall, please run the cmdlet again with the -Reinstall parameter
PS C:\Users\Teatowel> Install-PSResource Microsoft.PowerShell.SecretStore -TrustRepository
WARNING: Resource 'Microsoft.PowerShell.SecretStore' with version '1.0.6' is already installed. If you would like to reinstall, please run the cmdlet again with the -Reinstall parameter
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> Import-Module Microsoft.PowerShell.SecretStore -Force
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> # Create the default secret vault
PS C:\Users\Teatowel> $SecretVaultName = 'PowerShellModulesSecretVault'
PS C:\Users\Teatowel> $defaultVault = Get-SecretVault | Where-Object { $_.IsDefault }
PS C:\Users\Teatowel> if (!$defaultVault) {
>> $secretVaultPassword = Read-Host "Enter your new PowerShell SecretStore password" -AsSecureString
>> Register-SecretVault -Name $SecretVaultName -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
>> Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password -Confirm:$false -Password $secretVaultPassword
>> Unlock-SecretStore -Password $secretVaultPassword -Verbose
>> } else {
>> $SecretVaultName = $defaultVault.Name
>> Unlock-SecretStore
>> }
Enter your new PowerShell SecretStore password: ****
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> $PowerShellModulesRepository = "https://CompanyName.pkgs.visualstudio.com/_packaging/CompanyNamePowerShell/nuget/v3/index.json"
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> # Put the PAT in as a secret with a known name
PS C:\Users\Teatowel> $SecretName = 'PowerShellModulesRepositoryPAT'
PS C:\Users\Teatowel> $PowerShellModulesRepositoryPATSecureString = Read-Host -Prompt "Enter your Azure DevOps Artifacts Personal Access Token (PAT). To obtain a new token, navigate to https://CompanyName.visualstudio.com/_usersSettings/tokens and create a new token that has the 'read artifacts' scope" -AsSecureString
Enter your Azure DevOps Artifacts Personal Access Token (PAT). To obtain a new token, navigate to https://CompanyName.visualstudio.com/_usersSettings/tokens and create a new token that has the 'read artifacts' scope: ****
PS C:\Users\Teatowel> $PowerShellModulesRepositoryPATSecureStringSecret = [System.Management.Automation.PSCredential]::new($SecretName, $PowerShellModulesRepositoryPATSecureString)
PS C:\Users\Teatowel> Set-Secret -Vault $SecretVaultName -Name $SecretName -Secret $PowerShellModulesRepositoryPATSecureStringSecret
Vault PowerShellModulesSecretVault requires a password.
Enter password:
****
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> # Register the resource repository, telling it which vault and the name of the secret it should use
PS C:\Users\Teatowel> $RepositoryName = 'PowerShellModulesRepository'
PS C:\Users\Teatowel> $credentialInfo = [Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo]::new($SecretVaultName, $SecretName);
PS C:\Users\Teatowel> Register-PSResourceRepository -Name $RepositoryName -Uri $PowerShellModulesRepository -CredentialInfo $credentialInfo -Trusted -Priority 40 -Force
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> Get-PSResourceRepository
Name Uri Trusted Priority
---- --- ------- --------
PowerShellModulesRepository https://companyname.pkgs.visualstudio.com/_packaging/CompanyNamePowerShell/nuget/v3/index.json True 40
PSGallery https://www.powershellgallery.com/api/v2 False 50
Error details
No response
Environment data
Name Value
---- -----
PSVersion 7.4.1
PSEdition Core
GitCommitId 7.4.1
OS Microsoft Windows 10.0.19044
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Version
What is "Crescendo"?
Visuals
No response
