Closed chadbaldwin closed 3 years ago
This is kind of a chicken and egg thing. SecretStore needs a configuration when loaded and it will default to the interactive password required configuration by default.
You can avoid this by running Set-SecretStoreConfiguration
first thing after installing the module (before you register SecretStore as an extension vault).
Alternatively, you can also use the Reset-SecretStore
to force set the configuration. This causes any secret data to be deleted, but since you haven't yet added any secret data, it should be Ok to use.
PS C:\> Register-SecretVault -ModuleName Microsoft.PowerShell.SecretStore -Name SecretStore -DefaultVault
PS C:\> Reset-SecretStore -Authentication None -Interaction None -Force
WARNING: !!This operation completely removes all SecretStore module secrets and resets configuration settings to new values!!
PS C:\> Set-Secret -Name Testing -Secret 'Testing123'
PS C:\> Get-SecretInfo
Name Type VaultName
---- ---- ---------
Testing String SecretStore
PS C:\> Get-Secret -Name Testing -AsPlainText
Testing123
@PaulHigin, thanks! that appears to work for me.
I would think that when the vault is initially configured it would splat the parameters from -VaultParameters
and use those as the new defaults. It seems odd that in your example, the "Authentication" and "Interaction" parameters are specified twice.
Whoops, I just copied/pasted. There is no need to pass Authentication/Interaction as vault parameters, as SecretStore does not currently handle them.
@PaulHigin Ah! Okay, that completely clears that up then. Thanks! I guess since this isn't a bug, and it's intentional (though I'd admit a bit of an odd workflow) I'll close with comment. Thanks!
I'm having trouble figuring out how to register the SecretStore without a password from the beginning. AKA, you never have to provide a password at all. I can't tell if I'm doing something wrong, misunderstanding how it works, or if this is a bug?
Here's what I'm trying:
Install the modules:
Register a new SecretVault using the SecretStore module as the default:
Now here is where I run into issues...
If I try this:
I end up with this:
I can't tell if I'm doing something wrong? It doesn't make sense for it to ask me for a password if I say it doesn't need one, and then ask me to provide the same password to remove it.
If it's not a bug, then the only thing I can think of is that it's still using the password behind the scenes for the encryption/decryption process, and the setting
Authentication
is more about usage of the vault, but the password itself is still used for encryption/decryption.I also tried passing in default registration parameters to
Register-SecretVault
like this:And it still required a password, in fact, it didn't even apply the settings after registration, it seems to ignore them completely: