SecureString shouldn't be used warning. #10880

Closed
Kriegel opened this issue Oct 24, 2019 · 5 comments
Labels: Issue-Question, Resolution-Answered

Comments

Kriegel commented Oct 24, 2019

In the SecureString Class documentation, there is a warning from the platform-compat team that SecureString shouldn't be used.
Direct Link to the Warning on GitHub

I like SecureString and used it a lot in the past.

How do we deal with that?

Kriegel added the Issue-Enhancement label Oct 24, 2019
iSazonov added the Issue-Question label and removed the Issue-Enhancement label Oct 24, 2019
iSazonov (Collaborator) commented

We have to use SecureString for backward compatibility (scripts and public API).

Kriegel (Author) commented Oct 24, 2019

I am aware that removing SecureString is a breaking change.
So, since PowerShell is running on non-Windows systems, which perhaps don't support SecureString encryption, I think we have to talk about implementing user warnings, in the documentation and on screen!?
See also in the docs #4985

vexx32 (Collaborator) commented Oct 24, 2019

I believe this will be addressed during implementation of @SteveL-MSFT's proposal for secrets handling which is currently in the RFC stage. 🙂

PowerShell/PowerShell-RFC#208

iSazonov added the Resolution-Answered label Oct 24, 2019
SteveL-MSFT (Member) commented

@vexx32 yes and no. The SecureString type still exists and we need it to tell PowerShell when to prompt masked input. The Secrets Management module is more about not having plaintext secrets in scripts and also abstracting remote vaults (like Azure KeyVault) making them seamless to use.

ghost commented Oct 26, 2019

This issue has been marked as answered and has not had any activity for 1 day. It has been closed for housekeeping purposes.

ghost closed this as completed Oct 26, 2019