A Key Vault for your PowerShell Scripts
This is a nice way to store secrets or API keys under the user account that runs the script, so that you don't have plain text secrets, keys, etc. in your script. The basic idea is to create a "local" (per-user) PowerShell key vault, stash your keys and secrets in there, and then fetch them with Get-Secret in your scripts as needed.
This particular script disables authentication on the vault, so your scripts don't need to supply a password to read the secrets in it. You can change that if needed, which might be a good idea where the key vault is set up under a shared Windows account. With authentication set to None, any process running as that user account can read every secret in the vault.
Powershell
# Key vault creation and initialization script
# This script will install the modules necessary for creating a PowerShell Key Vault.
# It will then load the vault with commonly used secrets for connecting to various services.
Install-Module Microsoft.PowerShell.SecretManagement
Install-Module Microsoft.PowerShell.SecretStore
Import-Module Microsoft.PowerShell.SecretManagement
Import-Module Microsoft.PowerShell.SecretStore
# Register the custom vault
Register-SecretVault -Name AutomationStore -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
# Set the secret store configuration to not require authentication and set a password
$vaultPwd = ConvertTo-SecureString 'Your Key Vault Password' -AsPlainText -Force
Set-SecretStoreConfiguration -Authentication None -Password $vaultPwd
# Start adding your plain text secrets
# (single quotes keep characters such as $ literal)
Set-Secret -Name MyFirstSecret -Secret 'abc123!#$'
Set-Secret -Name MyAPIKey -Secret 'yyz54321!!'
# This bit will prompt you for username/password combination and store them together
# This can be useful for scenarios that need local or Azure AD user credentials
Write-Host "You will now be asked for a username and password combination."
Write-Host "e.g. alan.watts@deepwaterdreams.com, etc."
Write-Host "The username and password are stored in the vault as a credential set."
Write-Host ""
# Confirm if user is ready
$userInput = Read-Host "Are you ready to proceed? [Y/N]"
if ($userInput -eq 'Y') {
    # Get the credential
    $credential = Get-Credential -Message "Please enter your local or Azure AD credentials"
    # Store the credential
    Set-Secret -Name "MyAzureADCredentials" -Secret $credential
    Write-Host "Credential saved successfully."
}
elseif ($userInput -eq 'N') {
    Write-Warning "You'll need to create an Azure AD secret manually later."
    exit
}
else {
    Write-Warning "Invalid option. Exiting."
    exit
}
You can now fetch secrets or API keys using...
Powershell
$MyScriptsSecret = Get-Secret -Name MyFirstSecret -AsPlainText
You can use the credential set for scenarios such as the following...
Powershell
$credential = Get-Secret -Name "MyAzureADCredentials"
Connect-ExchangeOnline -Credential $credential -ShowBanner:$false
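If you would rather have the vault require a password (the change mentioned earlier for shared Windows accounts), unattended scripts then have to unlock it themselves. The following is an added example, not part of the original script: the `$pwdFile` location and the function names `Initialize-ProtectedVault` and `Get-VaultSecret` are assumptions, and it expects the `AutomationStore` vault registered above to exist already.

```powershell
# Added example (not from the original script): password-protected variant
# of the AutomationStore vault, usable from unattended scripts.
# Assumption: $pwdFile is a path of your choosing that only the script account can read.
$pwdFile = Join-Path $env:LOCALAPPDATA 'AutomationStore\vaultpwd.xml'

function Initialize-ProtectedVault {
    # One-time interactive setup, run as the account that will run the scripts.
    $vaultPwd = Read-Host -Prompt 'New vault password' -AsSecureString
    New-Item -ItemType Directory -Path (Split-Path $pwdFile) -Force | Out-Null

    # On Windows, Export-Clixml encrypts a SecureString with DPAPI, so the file
    # can only be decrypted by this user account on this machine.
    $vaultPwd | Export-Clixml -Path $pwdFile

    $storeConfig = @{
        Scope           = 'CurrentUser'
        Authentication  = 'Password'   # instead of None
        PasswordTimeout = 900          # re-lock 15 minutes after unlocking
        Interaction     = 'None'       # fail instead of prompting when locked
        Password        = $vaultPwd
        Confirm         = $false
    }
    Set-SecretStoreConfiguration @storeConfig
}

function Get-VaultSecret {
    param(
        [Parameter(Mandatory)][string]$Name,
        [switch]$AsPlainText
    )
    if (-not (Test-Path $pwdFile)) {
        throw "Vault password file not found: $pwdFile. Run Initialize-ProtectedVault first."
    }
    # Unlock the store for this session, then read the secret.
    Unlock-SecretStore -Password (Import-Clixml -Path $pwdFile)
    Get-Secret -Name $Name -Vault AutomationStore -AsPlainText:$AsPlainText
}

# Usage in a script:
#   $apiKey = Get-VaultSecret -Name MyAPIKey -AsPlainText
```

The password file is only as strong as the account that owns it, so this narrows exposure to processes that can read that file as that user; it does not protect against someone who can log on as the same account.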