Powershell: SecureString shouldn't be used warning.
In the SecureString Class documentation, there is a Warning from the platform-compat team, that Securestring shouldn't be used.
Direct Link to the Warning on Github
I like and used SecureString much in the past.
How do we deal with that?
Kriegel
All 5 comments
We have to use SecureString for backward compatibility (scripts and public API).
iSazonov
on 24 Oct 2019
I am aware of removing SecureString is a breaking change.
So since PowerShell is running on non Windows systems, which perhaps doesn't support SecureString encryption.
I think we have to talk about to implement user warnings, either into the documentation and on screen!?
See also in the docs #4985
Kriegel
on 24 Oct 2019
I believe this will be addressed during implementation of @SteveL-MSFT's proposal for secrets handling which is currently in the RFC stage. 馃檪
vexx32
on 24 Oct 2019
@vexx32 yes and no. The SecureString type still exists and we need it to tell PowerShell when to prompt masked input. The Secrets Management module is more about not having plaintext secrets in scripts and also abstracting remote vaults (like Azure KeyVault) making them seamless to use.
SteveL-MSFT
on 24 Oct 2019
This issue has been marked as answered and has not had any activity for 1 day. It has been closed for housekeeping purposes.
![msftbot[bot] picture](https://avatars2.githubusercontent.com/in/26612?v=4&s=40)
msftbot[bot]
on 26 Oct 2019
Related issues
aragula12
路
3Comments
garegin16
路
3Comments
MaximoTrinidad
路
3Comments
ajensenwaud
路
3Comments
concentrateddon
路
3Comments
Most helpful comment
@vexx32 yes and no. The SecureString type still exists and we need it to tell PowerShell when to prompt masked input. The Secrets Management module is more about not having plaintext secrets in scripts and also abstracting remote vaults (like Azure KeyVault) making them seamless to use.