Windows Credential Manager

Store and Retrieve Secrets from the Windows Credential Manager

Overview

Windows Credential Manager is a native Windows utility that stores sensitive information, such as passwords and secrets, and allows applications to securely access it.

Keeper provides a utility, the Windows Credential Utility, that interacts with native windows APIs to store and retrieve secrets from the Windows Credential Manager. It can be used by any integration, plugin, or code base to store and retrieve credentials, secrets, and passwords in the Windows Credential Manager simply and natively.

The code base for the Windows Credential Utility can be found here:

GitHub - Keeper-Security/windows-credential-utility: A utility for natively interacting with Windows Credential ManagerGitHub

The binary needed to use the above utility can be found here:

Releases · Keeper-Security/windows-credential-utilityGitHub

To use the Windows Credential Utility, you can either

deploy the pre-built binary from the releases page
or import it into your code base.

Both use cases are covered below.

Usage - Executable

Downloading the Executable

Download the latest version executable from the releases page and optionally add it to PATH to get started.

Using the Executable

The executable supports two commands:

set
get

Both commands require an application name (i.e. the name of the credential in / to be stored in the Windows Credential Manager) as the first argument.

`set`

set requires a second argument of the secret to be stored. This can be either a:

BASE64 string
JSON string
Path to an existing JSON file

When the secret is saved to Windows Credential Manager it is first encoded into a BASE64 format (if not already a BASE64 string). This standardizes the format for both consistent storage and to make it easier to consume by Keeper integrations and products.

`get`

get returns the stored BASE64 encoded config to stdout and exits with a 0 exit code. The requesting integration can capture the output for consumption. Any errors encountered retrieving the config will return an non-zero exit code and write to stderr.

Example

# Save a secret
wcu set APPNAME eyJ1c2VybmFtZSI6ICJnb2xsdW0iLCAicGFzc3dvcmQiOiAiTXlQcmVjaW91cyJ9
# or
wcu set APPNAME config.json

# Retrieve a secret
wcu get APPNAME

PreviousTerraform Provider NextXSOAR

Last updated 10 months ago

Was this helpful?

hashtagOverview

hashtagUsage - Executable

hashtagDownloading the Executable

hashtagUsing the Executable

hashtagset

hashtagget

hashtagExample