SecretManagement vault extensions and capabilities

I’ve recently been attempting to add SecretManagement support to some of my PowerShell modules so users can optionally choose to retrieve credentials from a vault rather than a local encrypted config. But I keep running into vault-extension-specific limitations that I need to work around in order to retain compatibility with the most vault extensions.

For instance, Azure KeyVault secret names can only contain alphanumeric characters and dashes. No special characters, not even underscores. Its vault extension also doesn’t (yet?) support writing secret metadata. Some vault extensions can’t write secrets; they can only retrieve them.

I’m wondering if anyone has put together a summary of vault extensions and their capabilities and/or limitations? All I seem to get from web searching are endless blog posts on the basics of how to use SecretManagement.

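One way a module could work around the three limitations named in the post, as an added example that is not part of the original post or of any vault extension: secret names are encoded into alphanumerics and dashes only, and the write path reports a vault that refuses writes and degrades when metadata is not accepted. The function names are hypothetical, and the sketch assumes a SecretManagement version that provides `Set-SecretInfo` (1.1 or later).

```powershell
# Added example; ConvertTo-/ConvertFrom-PortableSecretName and
# Set-PortableSecret are hypothetical helper names, not SecretManagement cmdlets.

function ConvertTo-PortableSecretName {
    # ASCII letters and digits pass through. Every other character, including
    # a literal '-', becomes '-' plus four hex digits, so the mapping is reversible.
    param([Parameter(Mandatory)][string]$Name)
    $sb = [System.Text.StringBuilder]::new()
    foreach ($c in $Name.ToCharArray()) {
        if ($c -cmatch '^[A-Za-z0-9]$') { [void]$sb.Append($c) }
        else { [void]$sb.AppendFormat('-{0:X4}', [int]$c) }
    }
    $sb.ToString()
}

function ConvertFrom-PortableSecretName {
    # Inverse mapping: every '-' in an encoded name starts a four-digit escape.
    param([Parameter(Mandatory)][string]$Name)
    [regex]::Replace($Name, '-([0-9A-F]{4})', {
        param($m) [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
    })
}

function Set-PortableSecret {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][object]$Secret,
        [Parameter(Mandatory)][string]$Vault,
        [hashtable]$Metadata
    )
    $safeName = ConvertTo-PortableSecretName -Name $Name
    try {
        # Write the value first so a metadata failure cannot block it.
        Set-Secret -Name $safeName -Secret $Secret -Vault $Vault -ErrorAction Stop
    } catch {
        # Extensions that can only retrieve secrets end up here.
        throw "Vault '$Vault' did not accept the write for '$safeName': $_"
    }
    if ($Metadata) {
        try {
            Set-SecretInfo -Name $safeName -Vault $Vault -Metadata $Metadata -ErrorAction Stop
        } catch {
            # Never include the secret value in this message, only the name.
            Write-Warning "Vault '$Vault' stored '$safeName' but rejected its metadata."
        }
    }
}

# Constructed sample name containing an underscore, a slash and a dash.
$encoded = ConvertTo-PortableSecretName -Name 'MyModule_prod/api-key'
$decoded = ConvertFrom-PortableSecretName -Name $encoded
```

Because the metadata failure is only a warning, a caller that relies on metadata for expiry or ownership tracking should treat the warning as a signal to keep that information elsewhere.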