Last active
February 22, 2022 06:13
Secrets Script For PS Community Blog
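# Gist for Secrets Management PS Community Blog Post
#
# Walks through the SecretManagement and SecretStore modules: install them,
# register a vault, store a secret, build a credential from it, and attach
# metadata. The account, host and password below are the lab values this
# walkthrough uses for the Reskit forest.

# 1. Discover the modules
Find-Module -Name 'Microsoft.PowerShell.Secret*' |
  Format-Table -Wrap -AutoSize

# 2. Install both modules
# $Names was never assigned before this step, so it is defined here with the
# two modules that step 4 imports.
# -Force installs without a confirmation prompt, so check the step 1 output
# (name, version, repository) before running this line.
$Names = 'Microsoft.PowerShell.SecretManagement',
         'Microsoft.PowerShell.SecretStore'
Install-Module -Name $Names -Force -AllowClobber

# 3. Examine them
Get-Module -Name Microsoft*.Secret* -ListAvailable |
  Format-Table -Property ModuleType, Version, Name, ExportedCmdlets

# 4. Register the default secrets provider
Import-Module -Name 'Microsoft.PowerShell.SecretManagement'
Import-Module -Name 'Microsoft.PowerShell.SecretStore'
$Mod = 'Microsoft.PowerShell.SecretStore'
# -DefaultVault makes RKSecrets the vault used by the later commands,
# none of which pass -Vault.
Register-SecretVault -Name RKSecrets -ModuleName $Mod -DefaultVault

# 5. View Secret vault
Get-SecretVault

# 6. Set the Admin password secret for Reskit forest
# Single quotes keep the $$ in the password literal (no variable expansion).
# A literal password is acceptable only for a throwaway lab value: it ends up
# in the script file and in command history. For a real account, take the
# value from a prompt instead, e.g. Read-Host -AsSecureString.
Set-Secret -Name ReskitAdmin -Secret 'Pa$$w0rd'

# 7. Create a credential object using the secret
$User = 'Reskit\Administrator'
# Without -AsPlainText, Get-Secret hands a string secret back as a
# SecureString, which is the type the PSCredential constructor takes.
$PwSS = Get-Secret -Name ReskitAdmin
$Cred = [System.Management.Automation.PSCredential]::New($User, $PwSS)

# 8. Let's cheat and see what the password is first.
# Demo only: this converts the password back to plain text and writes it to
# the console, where transcripts and screen captures can pick it up.
$PW = $Cred.GetNetworkCredential().Password
"Password for this credential is [$PW]"

# 9. Using the credential against DC1
$Cmd = {hostname.exe}
Invoke-Command -ComputerName DC1 -Credential $Cred -ScriptBlock $Cmd

# 10. Setting metadata
# Re-stores the same lab password so that metadata can be attached in the same
# call; the caveat from step 6 about literal passwords applies here too.
Set-Secret -Name ReskitAdmin -Secret 'Pa$$w0rd' -Metadata @{
  Purpose = "Reskit.Org Enterprise/Domain Admin PW"
}
Get-SecretInfo -Name ReskitAdmin | Select-Object -Property Name, Metadata

# 11. Updating the metadata
# Set-SecretInfo changes only the metadata, so the secret value does not have
# to appear on the command line again.
Set-SecretInfo -Name ReskitAdmin -Metadata @{
  Author  = 'DoctorDNS@Gmail.Com'
  Purpose = "Reskit.Org Enterprise/Domain Admin PW"
}

# 12. View secret information with metadata
Get-SecretInfo -Name ReskitAdmin | Select-Object -Property Name, Metadata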