VMware Cloud Community
jeffreywmcclain
Enthusiast
Enthusiast
‎05-27-2020 10:45 AM
Jump to solution

"VICredentialStoreItem" Cmdlets don't support PowerShell Core, is there any alternative?

Hi, I was just reading the documentation and noticed that cmdlets like the following do not work on PowerShell 7:

What are the alternatives to encrypting and storing the credentials to connect to a vCenter?

1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎05-27-2020 12:21 PM
Jump to solution

There are several options, depends a bit how secure you want the store to be and how much money you want to spend.


The simplest is to emulate what the ViCredentialStoreItem cmdlets were doing, use a local command or API.
On Linux crypt, gnuPG ... come to mind.

The basic issue with most of these is that you have to find a way to safely store your private key.

The DPAPI, on which the ViCredentialSToreItem cmdlets were based, used a key specifically for a user and computer.

If you have money to spend, you look at commercial products like HashiCorp's Vault (like Chip mentioned).

On the other hand, MSFT has announced that they are developing their Secret Management Module.
In my personal opinion, this would tie in more closely with PowerShell (and hence PowerCLI).

But I could be wrong :smileygrin:

In summary: this is kind of a moving target at the moment.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

3 Replies
daphnissov
Immortal
Immortal
‎05-27-2020 11:35 AM
Jump to solution

I'd probably involve Hashicorp Vault for that purpose for this and other needs.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
LucD
Leadership
Leadership
‎05-27-2020 12:21 PM
Jump to solution

There are several options, depends a bit how secure you want the store to be and how much money you want to spend.


The simplest is to emulate what the ViCredentialStoreItem cmdlets were doing, use a local command or API.
On Linux crypt, gnuPG ... come to mind.

The basic issue with most of these is that you have to find a way to safely store your private key.

The DPAPI, on which the ViCredentialSToreItem cmdlets were based, used a key specifically for a user and computer.

If you have money to spend, you look at commercial products like HashiCorp's Vault (like Chip mentioned).

On the other hand, MSFT has announced that they are developing their Secret Management Module.
In my personal opinion, this would tie in more closely with PowerShell (and hence PowerCLI).

But I could be wrong :smileygrin:

In summary: this is kind of a moving target at the moment.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

LucD
Leadership
Leadership
‎05-27-2020 12:31 PM
Jump to solution

On a side note, with proxy functions, you can use your own code to change the ViCredentialStoreItem cmdlets.

I did a session on that at the PowerShell + DevOps Global Summit 2019.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference