Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unlock-SecretStore not working when using Remote-SSH connection in VsCode #89

Open
dillardd opened this issue Dec 6, 2021 · 4 comments
Open

Unlock-SecretStore not working when using Remote-SSH connection in VsCode #89

dillardd opened this issue Dec 6, 2021 · 4 comments

Comments

@dillardd
Copy link

dillardd commented Dec 6, 2021

When utilizing a remote ssh session in VsCode, I am not able to unlock the Secret Store.

Command ran:

Unlock-SecretStore -Password $credSecretStore

The Error given is basic:

The provided password is incorrect for the Microsoft.PowerShell.SecretStore module vault.

However, when I convert my secure string, it is indeed the correct password, and it works to unlock the vault when I am using it logged into the machine via remote desktop using the same account.

Is this a supported situation? I hope it is, since I was excited to use VsCode remote for connecting to my machine and running code on it, however I utilize the SecretStore in almost all of my processes. Appreciate any insight on this!!
@PaulHigin PaulHigin transferred this issue from PowerShell/SecretManagement Dec 9, 2021
@PaulHigin
Copy link
Contributor

This sounds like it might be related to issue #62, which has to do with how SecretStore encrypts one layer using the current user account name. Windows can provide the user name in different cases, and this affects the ability to decrypt. The problem has been fixed in the latest version of SecretStore. What version are you using?

Keep in mind that SecretStore currently stores secrets for the current user account. 'AllUser' scope is not yet supported, so to access secrets means logging in with the account that stored the secrets.

@dillardd
Copy link
Author

dillardd commented Dec 21, 2021
edited
Loading

I think this is related to issue #62 , as I am not getting an error:

Padding is invalid and cannot be removed

I received this after updating the modules to latest versions:

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Binary     1.1.1                 Microsoft.PowerShell.SecretManagem… Core      {Register-SecretVault, Unregister-SecretVault, Get-SecretVault, Set-SecretVaultDefault…}
Binary     1.0.5                 Microsoft.PowerShell.SecretStore    Core      {Unlock-SecretStore, Set-SecretStorePassword, Get-SecretStoreConfiguration, Set-SecretStoreConfiguration…}

I am logged in as the same user via the Remote-SSH session, so it shouldn't be an issue of 'AllUser' scope, but I definitely understand what you mean about Windows not presenting the user in a fashion that the Module is able to decrypt.

I would say the issues could be merged, however #62 looks like it is closed.

@PaulHigin
Copy link
Contributor

Yes, the issue #62 has been fixed, but there is a chance that if you have a SecretStore database from before the fix, you will see this error. That is why I recommended to original author of #62 to reset and re-store secrets after installing the latest SecretStore with the fix.

There is a small chance that you may have older versions of the module. Please run:

Get-module -Name Microsoft.PowerShell.Secret* -list

to ensure any older versions have been removed.

@dillardd
Copy link
Author

dillardd commented Jan 5, 2022

When running the command to get the installed versions of the Module, this is what I get. There aren't older versions, but there are versions installed into multiple folders:

Get-module -Name Microsoft.PowerShell.Secret* -list

    Directory: C:\Users\Administrator\Documents\PowerShell\Modules

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Binary     1.1.1                 Microsoft.PowerShell.SecretManagem… Core      {Register-SecretVault, Unregister-SecretVault, Get-SecretVault, Se…
Binary     1.0.5                 Microsoft.PowerShell.SecretStore    Core      {Unlock-SecretStore, Set-SecretStorePassword, Get-SecretStoreConfi…

    Directory: C:\Program Files\WindowsPowerShell\Modules

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Binary     1.1.1                 Microsoft.PowerShell.SecretManagem… Core      {Register-SecretVault, Unregister-SecretVault, Get-SecretVault, Se…
Binary     1.0.5                 Microsoft.PowerShell.SecretStore    Core      {Unlock-SecretStore, Set-SecretStorePassword, Get-SecretStoreConfi…

I started getting the error Padding is invalid and cannot be removed today, and it affected many scripts that I had running in Task Scheduler. After entering in the credentials again for one task, all of the others that used that account started working, however they stopped working again a couple of hours later.

I am going to take your advice and recreate the secret store, which I imagine will remedy this situation since it is now manifesting in exactly the way described in #62 .

I appreciate your attention to this and will update again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PaulHigin @dillardd