Commit 866a4d3

Update parameter-best-practices.md about secure string (#23302)
* Update parameter-best-practices.md
* refine
* Update documentation/development-docs/design-guidelines/parameter-best-practices.md
* Update documentation/development-docs/design-guidelines/parameter-best-practices.md
1 parent 3312a25 commit 866a4d3

1 file changed

+7
-1
lines changed

documentation/development-docs/design-guidelines/parameter-best-practices.md

@@ -54,7 +54,13 @@ From the [_Strongly Encouraged Development Guidelines_](https://learn.microsoft.
5454
5555
#### Secret Parameters
5656

57-
For parameters that represent a value that should be kept secret in some fashion (such as a password, secret, key, etc.), the type of the parameter should be `SecureString` to avoid any sensitive information about the parameter from leaking during cmdlet execution.
57+
For parameters whose type is string and which represent a value that should be kept secret in some fashion (such as a password, secret, key, etc.), the type of the parameter should be [SecureString](https://learn.microsoft.com/dotnet/api/system.security.securestring) to limit the exposure of sensitive string data from unexpected leakage during cmdlet execution. The practice also applies to output properties whose type is string and that should be kept in secret.
58+
59+
Please notice that DO NOT use `SecureString` for encryption purposes. We only recommend to use `SecureString` as a wrapper of string to prevent unexpected leakage of information as string may still be exposed to any process or operation that has access to raw memory.
60+
61+
From [How secure is SecureString?](https://learn.microsoft.com/dotnet/api/system.security.securestring#how-secure-is-securestring)
62+
63+
> _SecureString is more secure than String because it limits the exposure of sensitive string data. However, those strings may still be exposed to any process or operation that has access to raw memory, such as a malicious process running on the host computer, a process dump, or a user-viewable swap file. Instead of using SecureString to protect passwords, the recommended alternative is to use an opaque handle to credentials that are stored outside of the process._
5864
5965
#### Bool vs. SwitchParameter
6066
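
Review bot: On added line 57, "For parameters whose type is string ... the type of the parameter should be [SecureString]" reads as self-contradictory, since a parameter cannot be typed as both, and the new qualifier narrows the old rule so that secrets not naturally represented as strings are no longer covered even though the example list still names "key". Suggest wording such as "For parameters that would otherwise be typed as string and that represent a value that should be kept secret ..." and stating explicitly what applies to non-string secrets. On the same line, "kept in secret" should be "kept secret". On added line 59, "Please notice that DO NOT use" and "We only recommend to use" need fixing, for example "Do not use `SecureString` for encryption purposes." The quote on added line 63 ends by recommending an opaque handle to credentials stored outside the process, but the guideline does not say when a cmdlet author should follow that recommendation instead of using `SecureString`; a sentence reconciling the two would help readers.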
