XPCM - A minimalistic approach to cross-platform credentials management

By Evgenij Smirnov

Elevator Pitch

While almost every scripter struggles with providing high-value credentials to scripts in a secure way, there are still gaps when it comes to doing it across platforms. Secret(s)Management and centralized vaults are great, but here is a more minimalistic, robust and still fairly secure approach.

Description

If you have ever written a script that must run on a variety of systems but needs to connect to external resources using the same set of credentials, you probably know the pain of providing those credentials to the script in a secure, portable and cross-platform way. The Secret(s)Management module from Microsoft goes a long way towards achieving that goal, but it’s not yet fully there, and the plug-in for connecting to a secrets vault of your choice may or may not be available for all the OS platforms your script has to run on.

With the XPCM module (there are actually two of them) I am providing an alternative approach to storing and retrieving secrets that can usually be implemented with zero maintenance on the endpoint running the script, even if the secret (e.g. the password) changes on a regular basis. The objective is to provide an identical experience on Windows and Linux (which, in theory, should cover macOS as well), for every version of PowerShell that can be found on a supported system (2.0 through 5.1 and 6.0 through 7.1).

In this talk I will present the rationale behind developing XPCM, the overall concept behind it and some of the unexpected hurdles I have encountered while developing and refining it.

Notes

The module is not yet published on the Gallery (as of mid-December); I expect it to be ready come February.