Handling Secrets During Development

Wanted to see how others are handling secrets (API keys, access tokens, etc.) when developing/testing UD. I have my secrets stored in Azure Key Vault, which works really well in production, but it’s a pain when developing locally.
I made a script to log into Azure RM and pull the keys that the app is using, but after I finished it I started to feel uncomfortable about having them stored in a variable. It’s only around for the duration of the process, but still.

Hi @RamonMA,

I had the same issue, but luckily our lord and savior @adam released a nifty module for this purpose:


TL;DR: encrypted JSON file with your “secrets”.

Personally (because I’m lazy), I run everything through “Get-UDSecret”, which will check if the dashboard is in dev mode and reference the debug secret store, and if not it will run to the production one. Works like a charm for a lazy man!

1 Like

I would also highly recommend the Microsoft SecretManagement module: https://github.com/PowerShell/Modules/tree/master/Modules/Microsoft.PowerShell.SecretManagement

3 Likes
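
The dev/production switch described in the replies above, sketched as an added example (not part of any post and not any module's own code). `Get-AppSecret`, the `APP_ENV` variable and both vault names are hypothetical; it assumes the Microsoft.PowerShell.SecretManagement and Az.KeyVault modules are installed and that a local SecretManagement vault is already registered.

```powershell
# Added example. Get-AppSecret, APP_ENV and the vault names are hypothetical.
function Get-AppSecret {
    [CmdletBinding()]
    [OutputType([securestring])]
    param(
        [Parameter(Mandatory)]
        [string] $Name,

        # SecretManagement vault registered on the developer workstation (assumed name)
        [string] $DevVault = 'LocalDev',

        # Azure Key Vault used in production (placeholder name)
        [string] $ProdVault = 'my-prod-keyvault'
    )

    if ($env:APP_ENV -eq 'Development') {
        # Get-Secret returns string secrets as SecureString unless -AsPlainText is passed.
        $secret = Get-Secret -Name $Name -Vault $DevVault -ErrorAction Stop
    }
    else {
        # Anything other than an explicit 'Development' resolves against production.
        # Get-AzKeyVaultSecret returns $null for a missing secret, so check below.
        $kv = Get-AzKeyVaultSecret -VaultName $ProdVault -Name $Name -ErrorAction Stop
        $secret = if ($kv) { $kv.SecretValue } else { $null }
    }

    if ($null -eq $secret) {
        throw "Secret '$Name' was not found."
    }
    if ($secret -isnot [securestring]) {
        # Refuse to hand back plaintext, hashtables, etc. from a misconfigured vault entry.
        throw "Secret '$Name' is not a SecureString; store it as a string secret."
    }
    return $secret
}

# Usage: keep the SecureString and decrypt only at the call site that needs plaintext.
# $token = Get-AppSecret -Name 'ApiToken'
# $plain = [System.Net.NetworkCredential]::new('', $token).Password
```

Returning a SecureString does not remove the secret from process memory, but it keeps the plaintext out of transcripts, `Get-Variable` output and accidental logging until the moment it is used.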

Thanks for the quick replies @BoSen29 and @adam. I’ll look into both of these.

My preference is to use an OS-neutral way of saving secrets. For enterprise-grade solutions, check out HashiCorp’s Vault server. Another option, which I think is likely as secure as using HashiCorp Vault, is using KeyBase (keybase.io). KeyBase has a KVstore feature (a key-value store like HashiCorp Vault) and it is not very well advertised. I’ve done some automation with both these options. See the following links.

KeyBase BOT for using KVstore feature
https://keybase.pub/cadayton/PSGallery/Modules/BOTtum/BOTtum.html

PowerShell Module for HashiCorp Vault and KeyBase integration
https://keybase.pub/cadayton/PSGallery/Modules/FileVault/FileVault.html

Link to other stuff that I’ve written.
https://cadayton.keybase.pub/