Open jdhitsolutions opened 3 years ago
Clearly, there is some sort of interaction happening.
SecretManagement allows an extension vault to be registered multiple times, because it is possible that an extension vault may support different contexts via the registration VaultParameters. However, the SecretStore vault currently always operates in the logged on user scope (see SecretStore documentation: https://github.com/powershell/secretstore). So registering SecretStore multiple times with different names just results in duplication of the same store, and doesn't make sense.
But we decided to allow this for maximum flexibility.
Ok then. Again, it would help to have this clearer in the documentation. The bottom line is that a user can only have 1 microsoft.powershell.secretstore vault per user scope. That's too bad because I can imagine a situation where I might want 2 stores based on the default Microsoft.PowerShell.SecretStore. Or are you expecting that people will really be using an extension vault like LastPass?
Thanks @jdhitsolutions, I'd love to better understand why a user may want multiple SecretStore instances in a particular user scope. Does having secretmetadata help users to organize their secrets in a way that doesn't require a second instance of the store?
Agree that we can make this more clear in the SecretStore documentation.
I might want one store with data that is associated with a module or CI/CD project I'm running and a second store for personal items. I might want one group of data to have a longer unlock time and another set to be more secure. A single store means every secret is treated the same and maybe that isn't what I want.
I have the same kind of needs as @jdhitsolutions. Also, custom or third-party modules will benefit if SecretStore can be registered multiple times with different names and instances. Then a custom module can create its own store for its secrets.
Really need this as well. The use case is:
I'd like to have multiple Microsoft.PowerShell.SecretStore SecretStores to segment secrets between clients.
Sounds like there is a need for multiple store instances. Adding PS-Committee review for visibility.
/cc: @SteveL-MSFT, @SydneyhSmith
Is there a way to create independent Microsoft.PowerShell.SecretStore instances by supplying values to -VaultParameters?
@PaulHigin this topic seems to be stale for a while again, but I need exactly the same functionality. So a +1 for this topic from my side.
+1 would like this feature if possible to implement
I would also find this feature useful.
I would also find this feature extremely useful. I totally agree with the use cases mentioned before.
I wanted to create two vaults based on SecretStore, per environment:
register-SecretVault -name SecretStoreDev -ModuleName Microsoft.PowerShell.SecretStore -Description "Dev Vault"
register-SecretVault -name SecretStoreProd -ModuleName Microsoft.PowerShell.SecretStore -Description "Prod Vault"
But it's not enough to be able to have them; they need to be separated when you use Get-SecretStoreConfiguration and when you use Set-SecretStoreConfiguration, as I would like different passwords for each and locking behavior, as an example.
I don't know if this is a documentation issue or a bug, so I'll ask. I have a vault registered using Microsoft.PowerShell.SecretStore. I then tried to create a second vault. Get-SecretVault shows it. I have nothing in the vault but if I run Get-SecretInfo, I see all the entries from my default vault, even though the vault name shows the new demo vault. Are we limited to one vault per user of a given module? If so, that needs to be clearer in the documentation.
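A way to check the behaviour discussed in this thread on your own machine, as an added example that is not part of the original thread or the project's code: it registers SecretStore under two names, writes a probe secret through one, and looks for it through the other. The vault names, the probe secret name and the function name are constructed for illustration; it assumes both modules are installed, and the store may prompt for its password. With the shared per-user store described above, Isolated comes back False.

```powershell
# Added example: checks whether two SecretStore registrations are isolated.
# Vault names and the probe secret name are constructed for this check.
Import-Module Microsoft.PowerShell.SecretManagement

function Test-SecretStoreIsolation {
    param(
        [string]$VaultA = 'IsolationProbeA',   # hypothetical name
        [string]$VaultB = 'IsolationProbeB'    # hypothetical name
    )
    $module     = 'Microsoft.PowerShell.SecretStore'
    $probe      = "isolation-probe-$([guid]::NewGuid())"
    $registered = @()
    try {
        foreach ($name in $VaultA, $VaultB) {
            Register-SecretVault -Name $name -ModuleName $module -ErrorAction Stop
            $registered += $name
        }
        # Write through the first registration only.
        Set-Secret -Name $probe -Secret 'constructed-value' -Vault $VaultA -ErrorAction Stop
        # Look for the same entry through the second registration.
        $seen = Get-SecretInfo -Name $probe -Vault $VaultB
        [pscustomobject]@{
            WrittenVia = $VaultA
            QueriedVia = $VaultB
            Isolated   = -not $seen
        }
    }
    finally {
        # Remove the probe secret and both test registrations again.
        if ($registered -contains $VaultA -and
            (Get-SecretInfo -Name $probe -Vault $VaultA -ErrorAction SilentlyContinue)) {
            Remove-Secret -Name $probe -Vault $VaultA
        }
        foreach ($name in $registered) { Unregister-SecretVault -Name $name }
    }
}

Test-SecretStoreIsolation
```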