PSKeystore: A simple way to manage credentials

By Paul Shamus

Elevator Pitch

Managing secrets, like credentials, with PowerShell doesn’t have to be hard, especially when working on a team. From beginner to advanced user, PSKeystore allows you to easily create and use secrets while giving you flexibility to control access to them.

Description

Every PowerShell user in the history of PowerShell has struggled with the use and storage of credentials. Many solutions exist, from the (costly) well-secured, third-party credential management product to storing credentials in plain text in a file. (PSA: Nobody should do this. Ever.) Add in the complexity of working on a team and the stress level of managing those secrets goes through the roof. The solution? PSKeystore.

Using certificates and PowerShell-fu, PSKeystore not only protects your secrets, but your team’s as well. Items such as API keys and PSCredentials can easily be created and retrieved in a way that keeps them secure but also usable, all the while keeping your automated scripts just that…automated. No more annoying prompts!

Notes

Topic Outline

Who am I?

Twitter: @pshamus

Requirements

Windows only for now, WMF 5.0, Configuration module by Joel Bennett

Discuss basic underpinnings of Keystore

  • JSON-based files stored on NTFS filesystem, validated against JSON schema to ensure file is in a valid format
  • Secrets protected with Protect-CmsMessage

How is it different than other solutions

  • Keystore (https://www.powershellgallery.com/packages/Keystore/1.0.1.0)
  • CredentialManager (https://www.powershellgallery.com/packages/CredentialManager/2.0)

Discuss parts of Keystore (Access Groups, Stores, Items)

  • Access Group - https://github.com/pshamus/PSKeystore/blob/master/Docs/Module/Get-KeystoreAccessGroup.md
  • Stores - https://github.com/pshamus/PSKeystore/blob/master/Docs/Module/Get-KeystoreStore.md
  • Items - https://github.com/pshamus/PSKeystore/blob/master/Docs/Module/Get-KeystoreItem.md (Documentation coming)

How it can be used

In its simplest form:

New-KeystoreItem -Name 'mycred' -Credential (Get-Credential)

Get-KeystoreCredential -Name 'mycred'

How to get it

  • PowerShell Gallery (TBD)
  • GitHub (https://github.com/pshamus/PSKeystore)