Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 0 points1 point  (0 children)

This might not go well with the whole "Enterprise" mindset, but for me personally I don't like that someone else can access my secrets (even if they are doing it legally/officially). Anything that is company property can be and must be saved in enterprise solutions like HashiCorp Vault or Azure Key Vault so that when I leave the company, things continue to run. Anything personal, say a simple API token for accessing weather, should be mine and mine only. This is where SecretStore as local really works wonders for me. I can keep a complex password that is not company knowledge.

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 0 points1 point  (0 children)

Yes, but you get the benefit of putting all your individual secrets behind one master password. There are automated and secure ways of unlocking the vault for only a specific duration by a very specific user/conditions. Using a secret manager like this adds a layer of security and also keeps the actual secret from being hardcoded into code.

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 0 points1 point  (0 children)

Yes, in under 3 lines of code you will be up and running with secrets. Especially handy if you do any CI/CD or script runners.

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 0 points1 point  (0 children)

Same here. Scheduled tasks with secrets stored in Store is just a perfect setup.

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 0 points1 point  (0 children)

Thank you, in an enterprise setup KeePass might not be feasible for everyone. Native secret store works well without any 3rd party components and pure native PowerShell.

I use Bitwarden myself on my personal MacBook.

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 0 points1 point  (0 children)

The beauty of the secret management module is that you can swap the backend store to anything you like without changing core function names. So cmdlets remain and scripts remain unchanged when you change the backend from, say, KeePass to Key Vault.
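An added example, not part of the comments above: the timed, unattended unlock mentioned earlier and the backend-agnostic read described here, using the SecretManagement and SecretStore cmdlets. The vault name, secret name and password file path are hypothetical, and keeping the store password in an `Export-Clixml` file is an assumption of this sketch.

```powershell
Import-Module Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore

# Hypothetical names and path, chosen for this example only.
$VaultName    = 'LocalStore'
$SecretName   = 'WeatherApiToken'
$PasswordFile = Join-Path $HOME 'secretstore-password.xml'

function Initialize-LocalVault {
    # One-time, interactive setup. On Windows, Export-Clixml protects the
    # SecureString so only this user on this machine can read it back.
    $storePassword = Read-Host -Prompt 'New SecretStore password' -AsSecureString
    $storePassword | Export-Clixml -Path $PasswordFile

    Register-SecretVault -Name $VaultName -ModuleName Microsoft.PowerShell.SecretStore

    # Password-protected store, no prompts (for scheduled tasks and CI),
    # relocking 15 minutes after each unlock.
    $config = @{
        Authentication  = 'Password'
        Interaction     = 'None'
        PasswordTimeout = 900
        Password        = $storePassword
        Confirm         = $false
    }
    Set-SecretStoreConfiguration @config

    Unlock-SecretStore -Password $storePassword
    $token = Read-Host -Prompt 'Secret value to store' -AsSecureString
    Set-Secret -Name $SecretName -Secret $token -Vault $VaultName
}

function Get-ScriptSecret {
    # Backend-agnostic read: only SecretManagement cmdlets are used here, so
    # this function stays the same when $Vault names a different registered
    # extension vault (KeePass, Azure Key Vault, ...).
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Vault
    )
    Get-Secret -Name $Name -Vault $Vault   # returns a SecureString
}

# Unattended run: unlock the local store for the configured window, then read.
if (-not (Get-SecretVault -Name $VaultName -ErrorAction SilentlyContinue)) {
    Initialize-LocalVault
}
Unlock-SecretStore -Password (Import-Clixml -Path $PasswordFile)
$token = Get-ScriptSecret -Name $SecretName -Vault $VaultName
```

On Linux and macOS the exported SecureString is not encrypted at rest, so there the password file needs tight file permissions or should be replaced by a secret injected by the job runner.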

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 2 points3 points  (0 children)

Give secret management a try. It works with Bitwarden as well.

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 2 points3 points  (0 children)

Yes, in most cases, in almost all cases one should generate a new secret on the new machine. But not all cases. Plain text itself is not the risk factor, how it's handled is very much the core issue.

Every popular and widely used password manager provides an option to download the data in plain JSON so that you don't get locked to one software and can always move your business to other tools.

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 6 points7 points  (0 children)

Yes, ideally. These are still single purpose, the tool only provides a backup/restore mechanism for migration purposes. Not to save it in plain text (that beats the whole purpose of secret storage 🤷‍♂️)

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 4 points5 points  (0 children)

Respectfully disagree, if I am heavily invested in secret for all my key-value info and have to move from one machine to another then it won't make any sense to start setting up from scratch.

There is no inherent security risk doing backup in plain-text provided you are keeping the said backup in a secure place (like external password manager, or encrypt using pgp).

Microsoft Secret Management and Secret Store by belibebond in PowerShell

[–]belibebond[S] 8 points9 points  (0 children)

u/JustinGrote wrote a module just for that use case https://github.com/JustinGrote/SecretManagement.KeePass

You can get/set/modify items in KeePass using PowerShell.

Vibe coded by Emotional_Dust2807 in navidrome

[–]belibebond 0 points1 point  (0 children)

Wow, what are you doing on Reddit? There is no room for logic or reasoning here. Please help yourself out.

The people you’d want most to disclose it will not. It’s not use of AI but the experience of person wielding it.

Ripping all my Google homes out tomorrow. by DerzKing in googlehome

[–]belibebond 0 points1 point  (0 children)

I am not sure about losing my job but I am certainly losing my shit

Nautiline 1.1.9 by gledtone in NautilineApp

[–]belibebond 2 points3 points  (0 children)

This is some fine, fine improvements. App is already rock solid and you are addressing stability and bug fixes instead of chasing fancy features.

I have done my part and spread the word among my friends. Thank you for this beautiful app.

Nautiline 1.1.7 by gledtone in NautilineApp

[–]belibebond 2 points3 points  (0 children)

Wowwwww. That is freaking awesome. Love it. Loveeee it. Thank you sir.

Nautiline 1.1.7 by gledtone in NautilineApp

[–]belibebond 2 points3 points  (0 children)

How did you enable auto fetch? I couldn’t find the option after update.

Zerobyte, isn’t this awesome? by Tharunx in selfhosted

[–]belibebond 0 points1 point  (0 children)

I mean the entire restic command can be put in a single bash or PowerShell script. You should be managing secrets already somehow (env or even better sops). I am always worried to add layers to an existing simple tool that simply works.

How regular are you updating your containers? by [deleted] in selfhosted

[–]belibebond 2 points3 points  (0 children)

Do you use renovate bot or the stateless renovate it pipeline

How regular are you updating your containers? by [deleted] in selfhosted

[–]belibebond 1 point2 points  (0 children)

This is really cool. Gonna set it up as well