Bart_Pasmans
Oct 13, 2025

Stop hardcoding secrets! Now what?!

Yeah, we all know this, right? “STOP DOING THIS”, “STOP DOING THAT!” Yeah… that’s nice, but now what?!

When you have been in the PowerShell field for some time and have created some scripts, you may have run into this topic: ‘How to deal with secrets’. There are of course solutions like Key Vault, SecureString and secret providers with APIs, which help you store your secrets in a secure environment.

Things like this might look familiar:

$password = "P@ssw0rd123!"
$apiKey = "sk-1234567890abcdef"
$connectionString = "Server=myserver;Database=mydb;User=admin;Password=SuperSecret123;"

But what if I told you there’s a better way? A way that’s:

 

  •  Secure by default
  •  Cross-platform (Windows, Linux, macOS)
  •  Works with multiple backends (local, Azure Key Vault, HashiCorp Vault)
  •  Standardized across your entire team
  •  Built right into PowerShell 7+ (with some extra module support)

That way forward is called ‘PowerShell SecretManagement’!

What is SecretManagement?

 

Think of PowerShell SecretManagement as the universal remote control for your secrets. With this remote control you can handle credentials for different systems while you just get one unified interface.

It doesn’t matter if that secret is stored:

  • On your local machine
  • In an Azure Key Vault
  • In HashiCorp Vault
  • In KeePass, LastPass etc.

The mindset remains the same: ‘One remote control, to control them all’. The architecture behind it looks a bit like below:

 

Explanation:

 

SecretManagement: “The interface you code against”

SecretStore: “The default storage where your secrets live”

 

Getting Started

 

Let’s get started!

 

  • Start PowerShell 7+ and run the code below
Install-Module Microsoft.PowerShell.SecretManagement -Repository PSGallery -Force
Install-Module Microsoft.PowerShell.SecretStore -Repository PSGallery -Force

Now that we have the required modules installed from the PowerShell Gallery, it’s time to create our first vault.

Register-SecretVault -name "LocalTestVault"

It will ask you for the module. Enter the name “Microsoft.PowerShell.SecretStore”. (If you want, you can also specify this value directly in the cmdlet with the -ModuleName parameter.)

You should end up with something like below:

 

 

First secrets

Now that we have the vault set up, it’s time to add some content to it.

 

 Follow the steps below to create the first secret in the vault

 

  • Run the command below to create the first secret
Set-Secret -Name "TestSecret" -Secret "SuperDuperSecureSecretString"

 

 If you haven’t specified the password it will now ask for one!

 

You should end up with something like below;

 

 

Cool right? On my personal blog I have the full post where I also show how to change, delete, and store complex objects. You can find it here:


https://bartpasmans.tech/powershell-stop-hardcoding-secrets-now-what/

 

Happy scripting! 
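
The hardcoded variables shown at the top of this post, rewritten to read from the vault at run time. This is an added example, not code from the original post; it assumes the LocalTestVault vault registered above, and the secret names SqlAdmin and ApiKey, plus the Get-RequiredSecret helper, are hypothetical.

```powershell
#Requires -Version 7.0
# Added example: no secret value appears in the script source.
# Assumes the 'LocalTestVault' vault from this post; 'SqlAdmin' and 'ApiKey'
# are hypothetical secret names.
Import-Module Microsoft.PowerShell.SecretManagement

$vault = 'LocalTestVault'

# One-time setup, run interactively so values never land in a file or history:
#   Set-Secret -Name 'SqlAdmin' -Vault $vault -Secret (Get-Credential)
#   Set-Secret -Name 'ApiKey'   -Vault $vault -Secret (Read-Host -AsSecureString 'API key')

function Get-RequiredSecret {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Vault
    )
    # Get-SecretInfo returns metadata only, so this check never exposes the value.
    if (-not (Get-SecretInfo -Name $Name -Vault $Vault)) {
        throw "Secret '$Name' not found in vault '$Vault'. Create it with Set-Secret first."
    }
    # Without -AsPlainText, string secrets come back as SecureString.
    Get-Secret -Name $Name -Vault $Vault -ErrorAction Stop
}

$sqlCred = Get-RequiredSecret -Name 'SqlAdmin' -Vault $vault   # PSCredential
$apiKey  = Get-RequiredSecret -Name 'ApiKey'   -Vault $vault   # SecureString

# The builder escapes characters such as ';' that would break a hand-built string.
$builder = [System.Data.Common.DbConnectionStringBuilder]::new()
$builder['Server']   = 'myserver'
$builder['Database'] = 'mydb'
$builder['User']     = $sqlCred.UserName
# Plaintext exists only here, at the point where the driver requires it.
$builder['Password'] = $sqlCred.GetNetworkCredential().Password
$connectionString = $builder.ConnectionString

# Report types only, never the values themselves.
'SqlAdmin -> {0}, ApiKey -> {1}' -f $sqlCred.GetType().Name, $apiKey.GetType().Name
```

Because the API key stays a SecureString, it can be handed directly to cmdlets that accept one, such as Invoke-RestMethod with -Authentication Bearer -Token.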
