Appsettings.json Encryption Keys

Product: PowerShell Universal
Version: 3.8.3

While doing some audits of our production PowerShell Universal instance, I found that the Jwt signing key and the SecretStore password in the appsettings.json file were set up in a way that runs counter to our organizational policy. Would changing the JWT signing key invalidate existing tokens? Would changing the SecretStore password make passwords saved to that store inaccessible?

Changing either of those will invalidate the respective resources.

The SecretStore is actually the MSFT secret store module. You should be able to update the password and not have to migrate all the data: Set-SecretStorePassword (Microsoft.PowerShell.SecretStore) - PowerShell | Microsoft Learn

Note that the secret store is created in the service account's profile, so you will need to run that command as that user.

For the App Tokens, you’ll have to issue new ones with the new signing key.
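Why tokens issued before the key change stop validating, as an added example that is not part of the original thread or PowerShell Universal's own code. It assumes an HMAC-SHA256 (HS256) signed token; the function names (`New-DemoJwt`, `Test-DemoJwt`, and helpers), claims and key strings are constructed for illustration.

```powershell
# Added example: names, claims and keys are constructed, not PowerShell Universal's code.
# Assumption: the token is signed with HMAC-SHA256 (HS256) over "header.payload".
function ConvertTo-Base64Url {
    param([byte[]]$Bytes)
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-DemoSignature {
    param([string]$SigningInput, [string]$SigningKey)
    $utf8 = [System.Text.Encoding]::UTF8
    $hmac = [System.Security.Cryptography.HMACSHA256]::new($utf8.GetBytes($SigningKey))
    try { ConvertTo-Base64Url -Bytes ($hmac.ComputeHash($utf8.GetBytes($SigningInput))) }
    finally { $hmac.Dispose() }
}

function New-DemoJwt {
    param([string]$SigningKey, [hashtable]$Claims)
    $utf8    = [System.Text.Encoding]::UTF8
    $header  = ConvertTo-Base64Url -Bytes ($utf8.GetBytes('{"alg":"HS256","typ":"JWT"}'))
    $payload = ConvertTo-Base64Url -Bytes ($utf8.GetBytes(($Claims | ConvertTo-Json -Compress)))
    $signature = Get-DemoSignature -SigningInput ($header + '.' + $payload) -SigningKey $SigningKey
    $header + '.' + $payload + '.' + $signature
}

function Test-DemoJwt {
    param([string]$Token, [string]$SigningKey)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { return $false }
    $utf8     = [System.Text.Encoding]::UTF8
    $expected = $utf8.GetBytes((Get-DemoSignature -SigningInput ($parts[0] + '.' + $parts[1]) -SigningKey $SigningKey))
    $actual   = $utf8.GetBytes($parts[2])
    # Accumulate differences instead of returning at the first mismatching byte.
    $diff = $expected.Length -bxor $actual.Length
    for ($i = 0; $i -lt [Math]::Min($expected.Length, $actual.Length); $i++) {
        $diff = $diff -bor ($expected[$i] -bxor $actual[$i])
    }
    $diff -eq 0
}

# Constructed sample values standing in for the old and new signing keys.
$oldKey = 'constructed-old-signing-key-0001'
$newKey = 'constructed-new-signing-key-0002'
$claims = @{ sub = 'svc-automation'; role = 'Operator' }

$issuedBeforeRotation = New-DemoJwt -SigningKey $oldKey -Claims $claims
$issuedAfterRotation  = New-DemoJwt -SigningKey $newKey -Claims $claims
[pscustomobject]@{
    OldTokenUnderOldKey = Test-DemoJwt -Token $issuedBeforeRotation -SigningKey $oldKey
    OldTokenUnderNewKey = Test-DemoJwt -Token $issuedBeforeRotation -SigningKey $newKey
    NewTokenUnderNewKey = Test-DemoJwt -Token $issuedAfterRotation  -SigningKey $newKey
}
```

The signature is a keyed hash of the header and payload, so a verifier holding only the new key cannot reproduce the signature on a token minted under the old one, and every consumer of an old token needs a replacement.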

I was expecting it would. Thanks, Adam!