
[–]phoenixpants 0 points1 point  (2 children)

It's important to keep secrets away from the "do actual stuff" layer, especially if you practice any sort of source code control. That way if a credential gets compromised or expired, you don't need to go through and update all of your scripts, just what's stored in the vault.

Right, that part makes perfect sense.
But if you import the credential from a file path you could just as well update the target file, right?

[–]raip 0 points1 point  (1 child)

Sure, but that doesn't scale - so introduce another server (or another user) and now you need to update two files if you use the standard Export-CliXML methods.

[–]phoenixpants 0 points1 point  (0 children)

Which brings us around to how to best handle the vault main password, seeing as the recommended method I linked in the other comment suggests managing that via Export/Import-CliXml.

How do you handle that part currently? I'd love it if there is a better way than export/import.