PSCredential BuiltInVault secrets messed up after 2.9.3 upgrade

Product: PowerShell Universal
Version: 2.9.3

I upgraded to 2.9.3 from 2.8.2 and it wiped out the credentials I had saved in the Variables. I imported them back in from the BuiltInLocalVault, but it only keeps the most recent creds added as a PSCred, the ones added before it turn into strings.

Reproduce:

Add User as a pscred

image526×599 7.36 KB

image1134×123 4.7 KB

Add User2 as a pscred

image523×603 7.59 KB

User1 is now a string and cannot be used as RunAs credentials

image1109×193 5.94 KB

Add User3

image522×601 7.45 KB

User 1 and 2 are now strings and cannot be used for RunAs

image1142×312 8.56 KB

Delete user1 and now 2 and 3 are strings and can’t’ be used as RunAs

image1037×187 5.57 KB

I haven’t tried using the PSUSecretStore yet. Will try that now.

This is fixed in 2.10. The issue is that -Value '' is being added to the variable.ps1 credentials. You can work around it by removing the -Value '' from that PS1 file.

Thanks!

I’ve also run into issues where jobs will not be able to get the credentials when run on schedule, but the next run will get the creds fine

image792×332 17.4 KB

This runs every hour, and job 54855 failed to get the creds from the local vault. Is this fixed in 2.10?

This is fixed in 2.10. The problem is when multiple jobs run at the same time. You can work around 2.9.3 by setting a random delay on the schedule but in 2.10 we synchronize access to the secret management and rolled back some changes we made that were not thread safe. We are using the standard secret management module again and not the patched one we had included previously.