Using a Yubikey for PowerShell CodeSigning

Intro I have a public codesigning certificate issued by DigiCert. I want to be able to sign my PowerShell scripts anywhere, for example when I’m at a customer, but it’s a hassle having to move the code to where I have my code signing certificate just to sign it. I’ve been experimenting with build jobs in VSTS so if I check in a script a build job will automatically sign it for me, but that requires access to internet and VSTS.

Set up Yubikey for PowerShell Code Signing

Intro As I wrote in my previous post Using a Yubikey for PowerShell CodeSigning I’m using a Yubikey to store my code signing certificate. This way I can easily carry my cert with me, use it on different computers and not have to worry about losing my private key. In this post, I’m describing how I set up my Yubikey. Setting up the key The Yubikey has a small command line tool called the “piv-tool”, it’s downloadable from Yubico’s website.

Wrong email in git? Git hook to the rescue!

Intro I use git as version control, it is great! But I use different email addresses in different situations and sometimes I get it wrong. Not a terrible problem but quite an annoyance. Let me show you an example: I recently contributed to the PowerShell repository (you can see my pull request here: Where-Object: add parameter ‘Not’) and I did an annoying mistake, I used the wrong email address. I have my work email configured in my global git config and sometimes I forget to change that to my private email when contributing to open source projects on GitHub.

Continuously deploying my PowerShell Modules

Continuously building and deploying new versions of my modules to internal repositories (or PowerShell Gallery) is something I really like. That way I can just push my code and let the automation handle the rest. Here are some learnings I’ve made. Deploy on tag Firstly, I usually only trigger a deploy-workflow on tags, this way I can manually decide when to do a release and what version it will have without relying on any complex methods.

Modify access to site in SharePoint Online with PowerShell

Ever tried to modify permissions to a SharePoint site with a huge number of files in it?

You might experience something like this:

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

The attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator.

Managing permissions to a site in SharePoint Online is of course doable with PowerShell! I thought I’d quickly go through the basics.

Prereqs

First of all we need to download the SharePoint Online Management Shell. This can be done by following this link:

http://www.microsoft.com/en-us/download/details.aspx?id=35588

But what’s the fun in that when we can use PowerShell?

Disclaimer: This code uses a permanent link to the msi file, this might break in the future!

Invoke-WebRequest -Uri 'https://download.microsoft.com/download/0/2/E/02E7E5BA-2190-44A8-B407-BC73CA0D6B87/SharePointOnlineManagementShell_6802-1200_x64_en-us.msi' -OutFile .\SPOShell.msi
$MSI = Get-Item -Path .\SPOShell.msi
msiexec /i $MSI.FullName /qb
$env:PSModulePath = [System.Environment]::GetEnvironmentVariable("PSModulePath","Machine")
Import-Module -Name Microsoft.Online.SharePoint.PowerShell -DisableNameChecking