Set-Secret asks for password to unlock vault that has already been unlocked with Unlock-SecretStore #221

Open
nbarnwell opened this issue Mar 4, 2024 · 0 comments


Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest released version
  • Search the existing issues.

Steps to reproduce

Here is a script:

```powershell
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
$InformationPreference = 'Continue'

# Install necessary modules from powershell gallery
Write-Host "Installing dependencies..."
Install-Module Microsoft.PowerShell.PSResourceGet -Force
Install-Module PowerShellGet -Force
Install-PSResource Microsoft.PowerShell.SecretManagement -TrustRepository
Install-PSResource Microsoft.PowerShell.SecretStore -TrustRepository

Import-Module Microsoft.PowerShell.SecretStore -Force

# Create the default secret vault
$SecretVaultName = 'PowerShellModulesSecretVault'
$defaultVault = Get-SecretVault | Where-Object { $_.IsDefault }
if (!$defaultVault) {
    $secretVaultPassword = Read-Host "Enter your new PowerShell SecretStore password" -AsSecureString
    Register-SecretVault -Name $SecretVaultName -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
    Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password -Confirm:$false -Password $secretVaultPassword
    Unlock-SecretStore -Password $secretVaultPassword -Verbose
} else {
    $SecretVaultName = $defaultVault.Name
    Unlock-SecretStore
}

$PowerShellModulesRepository = "https://CompanyName.pkgs.visualstudio.com/_packaging/CompanyNamePowerShell/nuget/v3/index.json"

# Put the PAT in as a secret with a known name
$SecretName = 'PowerShellModulesRepositoryPAT'
$PowerShellModulesRepositoryPATSecureString = Read-Host -Prompt "Enter your Azure DevOps Artifacts Personal Access Token (PAT). To obtain a new token, navigate to https://CompanyName.visualstudio.com/_usersSettings/tokens and create a new token that has the 'read artifacts' scope" -AsSecureString
$PowerShellModulesRepositoryPATSecureStringSecret = [System.Management.Automation.PSCredential]::new($SecretName, $PowerShellModulesRepositoryPATSecureString)
Set-Secret -Vault $SecretVaultName -Name $SecretName -Secret $PowerShellModulesRepositoryPATSecureStringSecret

# Register the resource repository, telling it which vault and the name of the secret it should use
$RepositoryName = 'PowerShellModulesRepository'
$credentialInfo = [Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo]::new($SecretVaultName, $SecretName);
Register-PSResourceRepository -Name $RepositoryName -Uri $PowerShellModulesRepository -CredentialInfo $credentialInfo -Trusted -Priority 40 -Force

Get-PSResourceRepository
```

Expected behavior

When `Set-Secret` runs, no password should be requested.

Actual behavior

`Set-Secret` requests the user enter the password again.

Here is the full output:

```
PS C:\Users\Teatowel> Set-StrictMode -Version Latest
PS C:\Users\Teatowel> $ErrorActionPreference = 'Stop'
PS C:\Users\Teatowel> $InformationPreference = 'Continue'
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> # Install necessary modules from powershell gallery
PS C:\Users\Teatowel> Write-Host "Installing dependencies..."
Installing dependencies...
PS C:\Users\Teatowel> Install-Module Microsoft.PowerShell.PSResourceGet -Force
WARNING: The version '1.0.2' of module 'Microsoft.PowerShell.PSResourceGet' is currently in use. Retry the operation after closing the applications.
PS C:\Users\Teatowel> Install-Module PowerShellGet -Force
WARNING: The version '1.4.8.1' of module 'PackageManagement' is currently in use. Retry the operation after closing the applications.
WARNING: The version '2.2.5' of module 'PowerShellGet' is currently in use. Retry the operation after closing the applications.
PS C:\Users\Teatowel> Install-PSResource Microsoft.PowerShell.SecretManagement -TrustRepository
WARNING: Resource 'Microsoft.PowerShell.SecretManagement' with version '1.1.2' is already installed.  If you would like to reinstall, please run the cmdlet again with the -Reinstall parameter
PS C:\Users\Teatowel> Install-PSResource Microsoft.PowerShell.SecretStore -TrustRepository
WARNING: Resource 'Microsoft.PowerShell.SecretStore' with version '1.0.6' is already installed.  If you would like to reinstall, please run the cmdlet again with the -Reinstall parameter
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> Import-Module Microsoft.PowerShell.SecretStore -Force
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> # Create the default secret vault
PS C:\Users\Teatowel> $SecretVaultName = 'PowerShellModulesSecretVault'
PS C:\Users\Teatowel> $defaultVault = Get-SecretVault | Where-Object { $_.IsDefault }
PS C:\Users\Teatowel> if (!$defaultVault) {
>>     $secretVaultPassword = Read-Host "Enter your new PowerShell SecretStore password" -AsSecureString
>>     Register-SecretVault -Name $SecretVaultName -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
>>     Set-SecretStoreConfiguration -Scope CurrentUser -Authentication Password -Confirm:$false -Password $secretVaultPassword
>>     Unlock-SecretStore -Password $secretVaultPassword -Verbose
>> } else {
>>     $SecretVaultName = $defaultVault.Name
>>     Unlock-SecretStore
>> }
Enter your new PowerShell SecretStore password: ****
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> $PowerShellModulesRepository = "https://CompanyName.pkgs.visualstudio.com/_packaging/CompanyNamePowerShell/nuget/v3/index.json"
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> # Put the PAT in as a secret with a known name
PS C:\Users\Teatowel> $SecretName = 'PowerShellModulesRepositoryPAT'
PS C:\Users\Teatowel> $PowerShellModulesRepositoryPATSecureString = Read-Host -Prompt "Enter your Azure DevOps Artifacts Personal Access Token (PAT). To obtain a new token, navigate to https://CompanyName.visualstudio.com/_usersSettings/tokens and create a new token that has the 'read artifacts' scope" -AsSecureString
Enter your Azure DevOps Artifacts Personal Access Token (PAT). To obtain a new token, navigate to https://CompanyName.visualstudio.com/_usersSettings/tokens and create a new token that has the 'read artifacts' scope: ****
PS C:\Users\Teatowel> $PowerShellModulesRepositoryPATSecureStringSecret = [System.Management.Automation.PSCredential]::new($SecretName, $PowerShellModulesRepositoryPATSecureString)
PS C:\Users\Teatowel> Set-Secret -Vault $SecretVaultName -Name $SecretName -Secret $PowerShellModulesRepositoryPATSecureStringSecret
Vault PowerShellModulesSecretVault requires a password.
Enter password:
****
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> # Register the resource repository, telling it which vault and the name of the secret it should use
PS C:\Users\Teatowel> $RepositoryName = 'PowerShellModulesRepository'
PS C:\Users\Teatowel> $credentialInfo = [Microsoft.PowerShell.PSResourceGet.UtilClasses.PSCredentialInfo]::new($SecretVaultName, $SecretName);
PS C:\Users\Teatowel> Register-PSResourceRepository -Name $RepositoryName -Uri $PowerShellModulesRepository -CredentialInfo $credentialInfo -Trusted -Priority 40 -Force
PS C:\Users\Teatowel>
PS C:\Users\Teatowel> Get-PSResourceRepository

Name                        Uri                                                                                            Trusted Priority
----                        ---                                                                                            ------- --------
PowerShellModulesRepository https://companyname.pkgs.visualstudio.com/_packaging/CompanyNamePowerShell/nuget/v3/index.json True    40
PSGallery                   https://www.powershellgallery.com/api/v2                                                       False   50
```

Error details

No response

Environment data

```
Name                           Value
----                           -----
PSVersion                      7.4.1
PSEdition                      Core
GitCommitId                    7.4.1
OS                             Microsoft Windows 10.0.19044
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
```

Version

What is "Crescendo"?

Visuals

No response
