Managing secrets in PowerShell with Set-Secret and Get-Secret

PowerShell scripts for production and staging environments often need credentials or API keys, but storing secrets in plain text script files is never a good idea. Luckily, modern PowerShell offers a few straightforward and secure ways to handle secrets without hardcoding anything.

The easiest option is to use the SecretManagement and SecretStore modules. These provide a secure vault for storing credentials locally. You can install them with the following commands:

Install-Module Microsoft.PowerShell.SecretManagement
Install-Module Microsoft.PowerShell.SecretStore

After installation, register a vault. This were the secrets are stored. For instance:

Register-SecretVault -Name LocalStore -ModuleName Microsoft.PowerShell.SecretStore

Now you can store a secret just once:

Set-Secret -Name ApiKey -Secret "12345-ABCDE"

...and retrieve it safely from any script:

$apiKey = Get-Secret -Name ApiKey

This keeps your code clean, avoids committing secrets into source control, and still gives you a simple API that works on Windows, macOS and Linux.

If you're writing scripts for production use, I highly recommend looking into this approach. It's secure, simple and built into the PowerShell system.

Safer scripting!