Personal vault helps to store the secrets locally and manage it in easy and
    efficient way.
    Personal vault helps to store the secrets in a key value pair and make it
    easy to manage. It uses
    's inbuild security mechanism to encrypt and decrypt the secret texts. The
    secrets are encrypted using an auto-generate 32 bits key and stored in the
    provides the cmdlet to add, get, update and remove the secrets easily. You
    can use your own key which should be of 32 bits or generate it using the
    You can secure all your secrets with individual key and store it in the
    vault. This way you can store your secrets more securely. Rotate your keys
    easily and all retrieve it using the
    parameter in the cmdlet
    Additionally, you can tab complete the available keys from the vault for
    easy retrieval of the keys.
    gives a warning if the secret value that you're trying to store is already
    exposed (or hacked) in the internet. This gives us an opportunity to review
    the secret value and change it immediately.
    Your secret values are protected with a username and password and you should
    use it every time when you try to access your vault from a new console
    # You should register first to work with the vault
    # You should remember your recovery word to recover your registered username and password
    PS C:\> $recoveryWord = Read-Host -AsSecureString
    PS C:\> Register-PSPersonalVault -Credential (Get-Credential) -RecoveryWord $recoveryWord
    # connect to the vault with the credential
    PS C:\> $connection = Connect-PSPersonalVault -Credential (Get-Credential)
    PS C:\> Add-PSSecret -Name "GMail_username" -Value "Thisisanonhackablepassword@2021" -Metadata "My personal gmail account."
    Add a secret value to the vault.
    PS C:\> Add-PSSecret -Name Test -Value 'Test@123' -Metadata "Adding a test value"
    WARNING: Secret 'Test@123' was hacked 833 time(s); Consider changing the secret value.
    Get a warning if the secret you are trying to add is exposed.
    PS C:\> Get-PSSecret
    Get the secret value from the vault
    PS C:\> Get-PSKey
    Get the key used to encrypt the secet value
    PS C:\> Get-PSKey -Force
    PS C:\> Add-PSSecret -Name "GMail_Username" -Value "Thisisanonhackablepassword@2021" -Metadata "My official gmail account."
    Rotate the key and add a new secret
    PS C:\> Get-PSArchivedKey
    Get the archived keys. Use it to retrieve the secrets that was encrypted
    using these keys.
    PS C:\> Update-PSSecret -Name Test -Value "AnyStrongPassword@2021"
    Update a secret value. Use tab completion to find the key to update it's
    corresponding secret.
    PS C:\> Remove-PSSecret -Name Test -Force
    Remove a secret with the key
    PS C:\ Remove-PSPersonalVault -Force
    Force remove the vault. This is a destructive operation and it removes all
    the stored secrets.
    It is best to save the secrets with individual keys for more security. Since
    the PowerShell encryption uses Windows DPAPI, the user who stored the keys
    and secrets can only view it in plain text. The secret values that you are
    entering as plain text in the session will not stick to in the history.
    will automatically remove the module related cmdlets from the history.
    Re-open the console to make sure that all the secrets are removed from the
    Try the cmdlets.