Data Structures
Revised: March 3, 2025
PowerPass uses the PSCustomObject type to define several custom data structures suitable for storing and recalling your PowerShell Locker, its Secrets and Attachments, as well as KeePass 2 databases and their connection information.
Lockers
Both the AES edition and the Data Protection API edition use the same data structures for common objects including:
- Lockers
- Locker Secrets
- Locker Attachments
These objects are initialized in the common module file PowerPass.Common.ps1 found in the /module directory.
Constructor Functions
PowerPass.Common.ps1 uses these functions to construct Locker objects.
Function | Purpose |
---|---|
New-PowerPassLocker | Constructs a new Locker object |
New-PowerPassSecret | Constructs a new Locker Secret object |
New-PowerPassAttachment | Constructs a new Locker Attachment object |
Locker Properties
The PowerPass Locker is not an exposed data type.
However, for those who are curious, the Locker is a PSCustomObject with these properties.
It is serialized as JSON before being encrypted and converted to a base-64 encoded string for storage.
Property Name | Data Type |
---|---|
1. Secrets | PSCustomObject[] |
2. Attachments | PSCustomObject[] |
3. Created | System.DateTime (UTC) |
4. Modified | System.DateTime (UTC) |
Property: Secrets
The Secrets property is an array of PSCustomObject items with Title, UserName, Password, URL, Notes, Expires, Created, and Modified fields. When you call the Read-PowerPassSecret cmdlet, one or more of these objects are output to the pipeline for you. The Password is stored as a SecureString unless you specify the -PlainTextPasswords parameter, in which case the password is returned from your Locker in plain-text as a String.
Property Name | Data Type | Purpose |
---|---|---|
1. Title | String | The unique identifier of the Secret in your Locker |
2. UserName | String | A place to store a username, such as an email address or login name |
3. Password | SecureString or plain-text String | A place to store a password or secret key, use -PlainTextPasswords to retrieve passwords in plain-text |
4. URL | String | A place to store a URL such as a login URL or REST endpoint for reference |
5. Notes | String | A place to store notes about the secret such as recovery codes or usage information |
6. Expires | DateTime | A place to store an expiration date, such as for certificates that expire or credentials with time-limited passwords; use it to keep track of when the password needs to be changed |
7. Created | DateTime (UTC) | This is automatically set to the date and time when this secret was created |
8. Modified | DateTime (UTC) | This is automatically set to the date and time the secret was last modified |
9. Mfd | Boolean | Short for marked for deletion, this is set to $false by default and is used by Remove-PowerPassSecret to flag secrets that match the criteria for deletion |
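An added example, not part of the PowerPass code base, showing one way to consume objects shaped like the table above: it wraps the SecureString Password in a PSCredential without converting it to plain text, and reports how close each secret is to its Expires date. The function name Get-SecretStatus, the sample secret, and the choice to compare Expires in UTC are assumptions.

```powershell
# Added example, not PowerPass code. Get-SecretStatus is a hypothetical name.
function Get-SecretStatus {
    param(
        [Parameter(Mandatory)][PSCustomObject[]]$Secrets,
        [int]$WarnDays = 14
    )
    $nowUtc = [DateTime]::UtcNow
    foreach ($s in $Secrets) {
        $isSecure = $s.Password -is [System.Security.SecureString]
        # Assumption: Expires is compared in UTC; skip the check if it is not a DateTime.
        $daysLeft = if ($s.Expires -is [DateTime]) {
            [math]::Floor(($s.Expires.ToUniversalTime() - $nowUtc).TotalDays)
        } else { $null }
        [PSCustomObject]@{
            Title        = $s.Title
            PasswordType = if ($isSecure) { 'SecureString' } else { 'String (plain-text)' }
            # Only SecureString values are wrapped; a String means plain-text retrieval was used.
            Credential   = if ($isSecure) { [pscredential]::new($s.UserName, $s.Password) } else { $null }
            DaysLeft     = $daysLeft
            ExpiresSoon  = ($null -ne $daysLeft) -and ($daysLeft -le $WarnDays)
        }
    }
}

# Constructed sample with the fields from the table above (not read from a real Locker).
$now = [DateTime]::UtcNow
$sample = [PSCustomObject]@{
    Title    = 'example-api'
    UserName = 'svc-example'
    Password = ConvertTo-SecureString 'constructed-sample-value' -AsPlainText -Force
    URL      = 'https://api.example.test/login'
    Notes    = ''
    Expires  = $now.AddDays(10)
    Created  = $now.AddDays(-80)
    Modified = $now.AddDays(-80)
    Mfd      = $false
}

Get-SecretStatus -Secrets $sample | Format-List Title, PasswordType, DaysLeft, ExpiresSoon
```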
Property: Attachments
The Attachments property is an array of PSCustomObject items with FileName, Data, Created, and Modified fields. Data is output to you as a byte array, but is stored in the Locker as a base-64 encoded string.
Property Name | Data Type | Purpose |
---|---|---|
1. FileName | String | The unique identifier of the attachment in your Locker, typically a filename |
2. Data | String | Base64-encoded string of the binary data of the attachment |
3. Created | DateTime (UTC) | This is automatically set to the date and time when this attachment was created |
4. Modified | DateTime (UTC) | This is automatically set to the date and time when this attachment was last modified |
5. Mfd | Boolean | Short for marked for deletion, this flag is used by Remove-PowerPassAttachment to flag attachments for deletion that match the criteria for deletion |
6. GZip | Boolean | Added in release 2.1.0, this flag is used to determine whether or not the Data payload for this attachment is compressed using the gzip algorithm |
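An added example, not taken from PowerPass itself, of turning an attachment's stored Data string back into bytes according to the GZip flag described above. The function name ConvertFrom-AttachmentData and the sample attachments are constructed, and treating an attachment without a GZip property as uncompressed is an assumption.

```powershell
# Added example, not PowerPass code. ConvertFrom-AttachmentData is a hypothetical name.
function ConvertFrom-AttachmentData {
    param([Parameter(Mandatory)][PSCustomObject]$Attachment)
    $raw = [Convert]::FromBase64String($Attachment.Data)
    # Assumption: an attachment with no GZip property (written before 2.1.0) is uncompressed.
    $flag = $Attachment.PSObject.Properties['GZip']
    if (-not ($flag -and $flag.Value)) { return ,$raw }
    $in  = [System.IO.MemoryStream]::new($raw, $false)
    $gz  = [System.IO.Compression.GZipStream]::new($in, [System.IO.Compression.CompressionMode]::Decompress)
    $out = [System.IO.MemoryStream]::new()
    try {
        $gz.CopyTo($out)
        return ,$out.ToArray()
    }
    finally {
        $gz.Dispose(); $in.Dispose(); $out.Dispose()
    }
}

# Constructed sample data: the same bytes stored compressed, uncompressed, and without the flag.
$body = 'constructed attachment body'
$text = [Text.Encoding]::UTF8.GetBytes($body)
$buf  = [System.IO.MemoryStream]::new()
$zip  = [System.IO.Compression.GZipStream]::new($buf, [System.IO.Compression.CompressionMode]::Compress)
$zip.Write($text, 0, $text.Length)
$zip.Dispose()   # writes the gzip trailer into $buf

# Only the fields the decoder reads are filled in here.
$samples = @(
    [PSCustomObject]@{ FileName = 'new.txt';   Data = [Convert]::ToBase64String($buf.ToArray()); GZip = $true }
    [PSCustomObject]@{ FileName = 'plain.txt'; Data = [Convert]::ToBase64String($text);          GZip = $false }
    [PSCustomObject]@{ FileName = 'old.txt';   Data = [Convert]::ToBase64String($text) }
)

foreach ($a in $samples) {
    $bytes = ConvertFrom-AttachmentData -Attachment $a
    '{0}: {1} bytes, matches original: {2}' -f $a.FileName, $bytes.Length,
        ([Text.Encoding]::UTF8.GetString($bytes) -eq $body)
}
```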
Property: Created
The Created property indicates when the Locker was created. This is stored in UTC.
Property: Modified
The Modified property indicates when the Locker was last modified. This is stored in UTC.
KeePass 2 Databases
The KeePass 2 database can only be opened by the Data Protection API edition of PowerPass which runs in Windows PowerShell 5.1.
This data structure is unique to KeePass 2 and the DP API implementation of PowerPass.
When you run the Open-PowerPassDatabase cmdlet, the output is a PSCustomObject with these properties.
Property Name | Description |
---|---|
1. Connector | The Connector property contains the KeePassLib.Serialization.IOConnectionInfo instance which tells KeePassLib where to find the database on the local file system. |
2. Keys | The Keys property contains the collection of keys required to open the database encapsulated by the KeePassLib.Keys.CompositeKey type. |
3. LiteralPath | This is a string with the literal path of the database file on disk. |
4. Secrets | This is the KeePassLib.PwDatabase instance from which you can access all the entries in the test database starting with the RootGroup property. |
5. StatusLogger | The custom PowerPass.StatusLogger instance which KeePassLib writes to as it operates on the database file. |