VMware PowerCLI

The Best User Interface for your VMware Datacenter!

Provide plugin security for the CredentialStoreItem cmdlets

The CredentialStoreItem cmdlets, in their current implementation, use the DPAPI methods to encrypt/decrypt, and store the data in a local XML file.
The DPAPI is the reason these cmdlets are not supported on PS Core.

This proposal suggests providing the possibility to use any Credential Store solution to store and retrieve credentials.
This could be implemented by asking the user to provide basic CRUD functionality to access his Credential Store solution of choice. This functions could even be provided as code-block parameters on the CredentialStoreItem cmdlets.

If none are provided, the cmdlets can eventually fall back on their current solution.

  • Luc Dekens
  • Jul 17 2019
  • Attach files
  • Admin
    Jake Robinson commented
    July 18, 2019 14:54

    So, a PowerCLI configuration parameter to set a script or code block for handling storage of secrets?

  • Luc Dekens commented
    July 18, 2019 15:01

    How and where these hooks are provided is completely your choice.
    Several of the old 'Guest' cmdlets used scripts in a specific folder, but that is just one option.

    Securing such hooks is another chapter, which I'm sure the excellent PowerCLI Devs can tackle.
    The calling cmdlet could, for example, insist that these blocks are signed.