Enhance documentation and functionality to support Linux Secret Service for managing App Ids across platforms#5335
Merged
Merged
Conversation
…ce for managing App Ids across platforms
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Linux support for Set/Get/Remove-PnPManagedAppId persistence by leveraging the MSAL Linux Secret Service integration, and updates end-user documentation to reflect the new cross-platform behavior and SecretManagement-vault preference (when available).
Changes:
- Added Linux Secret Service persistence for Managed App Id storage/retrieval/removal in
CredentialManager. - Refactored Managed App Id flows to prefer a default SecretManagement vault when available.
- Updated docs/articles to mention Linux support and the default-vault behavior.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| src/Commands/Utilities/CredentialManager.cs | Implements Linux Secret Service persistence for managed App Ids and refactors vault selection logic. |
| pages/articles/defaultclientid.md | Updates the “default client id” article to include Linux Secret Service + vault preference wording. |
| documentation/Set-PnPManagedAppId.md | Updates cmdlet docs to include Linux Secret Service and SecretManagement vault usage. |
| documentation/Get-PnPManagedAppId.md | Updates cmdlet docs to include Linux Secret Service and SecretManagement vault usage. |
| documentation/Remove-PnPManagedAppId.md | Updates cmdlet docs to include Linux Secret Service and SecretManagement vault usage. |
Comment on lines
+547
to
+552
| private static void WriteLinuxAppIdEntry(string name, string appId) | ||
| { | ||
| var storage = CreateLinuxManagedAppIdStorage(name); | ||
| storage.VerifyPersistence(); | ||
| storage.WriteData(Encoding.UTF8.GetBytes(appId)); | ||
| } |
| ``` | ||
|
|
||
| This will add an entry to your Windows Credential Manager or the MacOS keychain if your are on MacOS. Connect-PnPOnline will use this value to match the correct client id with the url you are connecting to and it is not needed use -ClientId anymore, e.g. | ||
| This will add an entry to your Windows Credential Manager, the MacOS keychain, or the Linux Secret Service. If you have configured a default Microsoft.PowerShell.SecretManagement vault, that vault will be used instead. Connect-PnPOnline will use this value to match the correct client id with the url you are connecting to and it is not needed use -ClientId anymore, e.g. |
|
|
||
| ## DESCRIPTION | ||
| Adds an App Id entry to the Windows Credential Manager or Mac OS Key Chain Entry. PnP PowerShell will check if an App Id is available when you connect using Connect-PnPOnline -Interactive. If it finds a matching URL it will use the associated App Id. You do not need to specify the -ClientId parameter then. | ||
| Adds an App Id entry to the Windows Credential Manager, Mac OS Key Chain, Linux Secret Service, or a default SecretManagement vault. PnP PowerShell will check if an App Id is available when you connect using Connect-PnPOnline -Interactive. If it finds a matching URL it will use the associated App Id. You do not need to specify the -ClientId parameter then. |
|
|
||
| ## SYNOPSIS | ||
| Sets/Adds an App Id for use with Connect-PnPOnline to the Windows Credential Manager or Mac OS Key Chain Entry. If you the PowerShell Module Microsoft.PowerShell.SecretsStore and Microsoft.PowerShell.SecretsManagement installed and you have defined a default vault without a password than that will be used to store the App Id. | ||
| Sets/Adds an App Id for use with Connect-PnPOnline to the Windows Credential Manager, Mac OS Key Chain, or Linux Secret Service. If you have the PowerShell Module Microsoft.PowerShell.SecretManagement installed and you have defined a default vault without a password, that will be used to store the App Id. |
|
|
||
| ## DESCRIPTION | ||
| Returns an associated App Id from the Windows Credential Manager or Mac OS Key Chain Entry. | ||
| Returns an associated App Id from the Windows Credential Manager, Mac OS Key Chain Entry, Linux Secret Service, or a default SecretManagement vault. |
Comment on lines
+547
to
+552
| private static void WriteLinuxAppIdEntry(string name, string appId) | ||
| { | ||
| var storage = CreateLinuxManagedAppIdStorage(name); | ||
| storage.VerifyPersistence(); | ||
| storage.WriteData(Encoding.UTF8.GetBytes(appId)); | ||
| } |
| ``` | ||
|
|
||
| This will add an entry to your Windows Credential Manager or the MacOS keychain if your are on MacOS. Connect-PnPOnline will use this value to match the correct client id with the url you are connecting to and it is not needed use -ClientId anymore, e.g. | ||
| This will add an entry to your Windows Credential Manager, the MacOS keychain, or the Linux Secret Service. If you have configured a default Microsoft.PowerShell.SecretManagement vault, that vault will be used instead. Connect-PnPOnline will use this value to match the correct client id with the url you are connecting to and it is not needed use -ClientId anymore, e.g. |
|
|
||
| ## DESCRIPTION | ||
| Adds an App Id entry to the Windows Credential Manager or Mac OS Key Chain Entry. PnP PowerShell will check if an App Id is available when you connect using Connect-PnPOnline -Interactive. If it finds a matching URL it will use the associated App Id. You do not need to specify the -ClientId parameter then. | ||
| Adds an App Id entry to the Windows Credential Manager, Mac OS Key Chain, Linux Secret Service, or a default SecretManagement vault. PnP PowerShell will check if an App Id is available when you connect using Connect-PnPOnline -Interactive. If it finds a matching URL it will use the associated App Id. You do not need to specify the -ClientId parameter then. |
|
|
||
| ## SYNOPSIS | ||
| Sets/Adds an App Id for use with Connect-PnPOnline to the Windows Credential Manager or Mac OS Key Chain Entry. If you the PowerShell Module Microsoft.PowerShell.SecretsStore and Microsoft.PowerShell.SecretsManagement installed and you have defined a default vault without a password than that will be used to store the App Id. | ||
| Sets/Adds an App Id for use with Connect-PnPOnline to the Windows Credential Manager, Mac OS Key Chain, or Linux Secret Service. If you have the PowerShell Module Microsoft.PowerShell.SecretManagement installed and you have defined a default vault without a password, that will be used to store the App Id. |
|
|
||
| ## DESCRIPTION | ||
| Returns an associated App Id from the Windows Credential Manager or Mac OS Key Chain Entry. | ||
| Returns an associated App Id from the Windows Credential Manager, Mac OS Key Chain Entry, Linux Secret Service, or a default SecretManagement vault. |
…port in Get-PnPManagedAppId, Remove-PnPManagedAppId, and Set-PnPManagedAppId cmdlets
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Type
Related Issues?
Fixes #5325
What is in this Pull Request ?
Added support for secret management in Linux OS via MSAL persistence mechanism