en-US/SecretStoreBackup-help.xml
|
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Export-SecretStore</command:name> <command:verb>Export</command:verb> <command:noun>SecretStore</command:noun> <maml:description> <maml:para>Export the contents of a Secret Management vault.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Export-SecretStore will export all secrets in a Secret Management store. Each secret will be exported as a custom object that you can use as you want. The default behavior is to export to a cliXML. But you can use the -AsObject parameter to write vault objects to the pipeline. You might export to a JSON file or create a custom export solution. Use Import-SecretStore to restore the contents to a new store or write your own importing code.</maml:para> <maml:para>NOTE: SECRETS WILL BE EXPORTED AS PLAIN TEXT. IF YOU EXPORT TO A FILE YOU MUST PROTECT IT.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Export-SecretStore</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Name"> <maml:name>Vault</maml:name> <maml:description> <maml:para>Enter the vault name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>Enter the secure string password to unlock the vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SkipTest</maml:name> <maml:description> <maml:para>Skip testing the vault. Some vaults created by other SecretsManagement modules, like 1Pass, may always fails when using Test-Vault. Export-SecretStore will test the specified vault by default, but you can choose to skip this step.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AsObject</maml:name> <maml:description> <maml:para>Export the secrets as native objects that you can save to a file option of your choice.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Export-SecretStore</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Name"> <maml:name>Vault</maml:name> <maml:description> <maml:para>Enter the vault name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>Enter the secure string password to unlock the vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SkipTest</maml:name> <maml:description> <maml:para>Skip testing the vault. Some vaults created by other SecretsManagement modules, like 1Pass, may always fails when using Test-Vault. Export-SecretStore will test the specified vault by default, but you can choose to skip this step.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>Enter the filename and path for your cliXML export.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>Enter the secure string password to unlock the vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SkipTest</maml:name> <maml:description> <maml:para>Skip testing the vault. Some vaults created by other SecretsManagement modules, like 1Pass, may always fails when using Test-Vault. Export-SecretStore will test the specified vault by default, but you can choose to skip this step.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="Name"> <maml:name>Vault</maml:name> <maml:description> <maml:para>Enter the vault name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AsObject</maml:name> <maml:description> <maml:para>Export the secrets as native objects that you can save to a file option of your choice.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>Enter the filename and path for your cliXML export.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>SecretExport</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>Learn more about PowerShell: http://jdhitsolutions.com/blog/essential-powershell-resources/</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Export-SecretStore -Vault secrets -password $pass -SkipTest -FilePath c:\work\secrets.xml</dev:code> <dev:remarks> <maml:para>Export the secrets vault to c:\work\secrets.xml. The $pass variable is a secure string.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Export-SecretStore -vault secrets -asObject Name : demo3 Vault : secrets Metadata : {[updated, 4/15/2024 8:52 AM], [tags, demo,test], [ver, 1]} OriginalType : String Value : foo ExportDate : 4/16/2024 8:41 AM Computername : WINDESK11 Username : WINDESK11\Jeff Name : company Vault : secrets Metadata : {} OriginalType : PSCredential Value : {Password, Username} ExportDate : 4/16/2024 8:41 AM Computername : WINDESK11 Username : WINDESK11\Jeff ...</dev:code> <dev:remarks> <maml:para>Export all items in the Secrets vault. You will be prompted for the password. The PSCredential object will store the password in plain text.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> Export-SecretStore -Vault secrets -password $pass -AsObject | where OriginalType -ne PSCredential | ConvertTo-json | Out-File c:\work\export.json -NoClobber</dev:code> <dev:remarks> <maml:para>Export all secrets other than PSCredentials, convert to JSON, and save to a file. The password variable is a secure string.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Export-SecretStore -Vault 1Pass -pass $pass -SkipTest -FilePath c:\work\lp.xml</dev:code> <dev:remarks> <maml:para>Export the contents of the 1Pass vault to a cliXML file. Some vaults created by other SecretsManagement modules, like 1Pass, may always fails when using Test-Vault. Export-SecretStore will test the specified vault by default, but you can choose to skip this step.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Import-SecretStore</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-Secret</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-SecretInfo</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Import-SecretStore</command:name> <command:verb>Import</command:verb> <command:noun>SecretStore</command:noun> <maml:description> <maml:para>Import items into a Secrets Management vault.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Import-SecretStore is designed to be used in conjunction with Export-SecretStore. The command should work with any export saved to a file using Export-Clixml or converted to JSON. Since all of the values in the file are presumably plaintext, anything that needs to be stored as a secure string will be, using the current system. The entire process allows you to back up a vault to a file and then recreate the vault on a new system. The new vault must already exist before importing.</maml:para> <maml:para>It is possible that not all metadata will be properly imported or imported as the correct type.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Import-SecretStore</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The secret name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none"> <maml:name>Value</maml:name> <maml:description> <maml:para>The secret value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Object</command:parameterValue> <dev:type> <maml:name>Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Metadata</maml:name> <maml:description> <maml:para>Hashtable containing Name/Value pair that are stored in the vault. The specified extension vault may not support secret metadata, in which case the operation will fail. The metadata Name/Value value type must be one of the following:</maml:para> <maml:para> - string</maml:para> <maml:para> - int</maml:para> <maml:para> - DateTime</maml:para> <maml:para>If you exported a secret with Export0-SecretStore, metadata was also exported and will be used on import.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue> <dev:type> <maml:name>Hashtable</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoClobber</maml:name> <maml:description> <maml:para>When used this parameter will cause an error if the secret metadata already exists.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>Enter the secure string password to unlock the vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="OriginalType"> <maml:name>Type</maml:name> <maml:description> <maml:para>The secret type.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">String</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">SecureString</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Hashtable</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">ByteArray</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">PSCredential</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Vault</maml:name> <maml:description> <maml:para>Enter the vault name. The vault must exist before importing.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Metadata</maml:name> <maml:description> <maml:para>Hashtable containing Name/Value pair that are stored in the vault. The specified extension vault may not support secret metadata, in which case the operation will fail. The metadata Name/Value value type must be one of the following:</maml:para> <maml:para> - string</maml:para> <maml:para> - int</maml:para> <maml:para> - DateTime</maml:para> <maml:para>If you exported a secret with Export0-SecretStore, metadata was also exported and will be used on import.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Hashtable</command:parameterValue> <dev:type> <maml:name>Hashtable</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The secret name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoClobber</maml:name> <maml:description> <maml:para>When used this parameter will cause an error if the secret metadata already exists.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>Enter the secure string password to unlock the vault.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="OriginalType"> <maml:name>Type</maml:name> <maml:description> <maml:para>The secret type.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none"> <maml:name>Value</maml:name> <maml:description> <maml:para>The secret value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Object</command:parameterValue> <dev:type> <maml:name>Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Vault</maml:name> <maml:description> <maml:para>Enter the vault name. The vault must exist before importing.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Hashtable</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>Learn more about PowerShell: http://jdhitsolutions.com/blog/essential-powershell-resources/</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Import-Clixml c:\work\saved.xml | Import-SecretStore -vault NewSecrets</dev:code> <dev:remarks> <maml:para>This example assumes that saved.xml was created using Export-SecretStore. The file is imported and piped to Import-SecretStore which recreates the entries in the specified vault. The vault must already exist. You will be prompted for the vault password.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Register-SecretVault -Name demo -Description "test vault" -ModuleName Microsoft.Powershell.SecretStore PS C:\> $in = Get-Content C:\work\demo.json | ConvertFrom-json PS C:\> $in | Import-SecretStore -vault demo</dev:code> <dev:remarks> <maml:para>The JSON file was created from Export-SecretStore. Due to how JSON data is converted, you need an interim step to save the converted data to a variable and then import from that.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Export-SecretStore</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-Secret</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-SecretInfo</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems> |