Feature Request: Get token automatically

[danroot]

I would like to write scripts to automate various devops tasks for developers. I'm able to do so with a personal access token, like this:

$pat = get-content .devopspat -ErrorAction SilentlyContinue $_=Connect-ADO -Organization $org -PersonalAccessToken $pat -UseDefaultCredentials -ErrorAction Stop

However I would like to make the scripts not require storing a pat in clear text. I'd like to do similar to "az login" - if the current session doesn't have auth token in keychain, open the browser to get one and then use that for future calls. Is this feasible today?

If not feasible, what is the recommended way to safely store pats for use in scripts?

[StartAutomating]

@danroot Thanks for the issue.

I'd love it if there was an easy way to get the PAT after az login. If you know of one, or see any environment variable change, I could probably change the way things work here.

As far as the general question goes...

I have some very old solutions for this that will work on Windows, but I'm not going to spend my time explaining them.

Instead, I'll redirect you to the modern / official answer on this, from the PowerShell team:

Set-Secret and Get-Secret should do most of the trick for you. You'll need to install the SecretManagement module and any number of extensions for secret management.