Is it possible to call Get-ShardMapManager when creating a new shard map manager without involving username and password (through hardcoding or storing the values in key vault)
Here is the code that I currently have in powershell
$ShardMapManager = Get-ShardMapManager -Username $DbUsrId -Password $DbPwd
can i use token or something like that? just whatever that is not involving username and password? thanks
No, you can't. From the source code of Get-ShardMapManager, UserName and Password are all Mandatory=$true.
In this case, if you want to avoid using them just because of the security issue, you can use azure keyvault to store them via Set-AzKeyVaultSecret as you mentioned. Retrieve them in the commands, then pass them to Get-ShardMapManager, just user/service principal that added to the access policy of the keyvault is able to get them(or has the Key Vault Administrator if you select Azure role-based access control in Access policies blade of the keyvault).
Make sure you have installed Az powershell module, then use the command below.
Connect-AzAccount
$DbUsrId = Get-AzKeyVaultSecret -VaultName "keyvaultname" -Name "username" -AsPlainText
$DbPwd = Get-AzKeyVaultSecret -VaultName "keyvaultname" -Name "password" -AsPlainText
$ShardMapManager = Get-ShardMapManager -Username $DbUsrId -Password $DbPwd