

    Set-Content $AESKeyFilePath $AESKey # Any existing AES Key file will be overwritten

ACL on the file to allow only select people to read)

Using saved credentials securely in PowerShell scripts

    # Generate a random AES Encryption Key.

Quickly and securely storing your credentials – PowerShell

For Example:

Just searching for 'PowerShell secure password' will give you tons to work with. Many other articles on the topic since this is a well-documented use case.

    # Using the Windows Credential Manager - there are many prebuilt modules for this
    $Creds = Get-Credential -Credential $env:USERDOMAIN\$env:USERNAME
    (Get-Command -Name Get-Credential).Parameters.Keys

    (Get-Command -Name Get-Credential).Parameters # Get specifics for a module, cmdlet, or function

Starting with the cmdlet designed for it. However, there are a number of ways to secure credentials for use in PowerShell automation, decrypted not. There are really not many use cases where you'd need to decrypt it to plain text vs just using the object.

If it's for anything else, I would prefer some password vault that you can securely use via code. If this is for just keeping credentials for yourself locally, it's not a terrible option. You can then use Import-Clixml to recover the credentials with the same user account that "encrypted" them on the same machine.

    \Dolphins.xml # Horrible, horrible beings.
    $SecureString = Read-Host -Prompt "Enter your Password" -AsSecureString
    $Credential = New-Object System.Management.Automation.PSCredential -ArgumentList "username",$SecureString

Another option here is to use Export-Clixml to save credential files, which carries out the same DPAPI operation on a set of credentials.

    $SecureString = ConvertTo-SecureString $EncryptedString

To get the password back out into a usable credential variable like the article, you'd do this.

    \Clowns.txt # Because who would look inside, right?
    $EncryptedString = ConvertFrom-SecureString $SecureString

You can copy and paste the following two code blocks to sample it without doing any file checking or further copying and pasting. The article is just an example of how to use it.

If you need to use ConvertFrom-SecureString or ConvertTo-SecureString across multiple machines/accounts, which I wouldn't advise, then you would have to specify a key (see the parameters of the functions). This process uses the Windows Data Protection API - DPAPI. You won't be able to decrypt the example string on your machine that easily because Windows uses the local user and machine account to "encrypt" the password.
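
Added example, not part of the original posts: the key-based variant that the AES key file fragments and the "specify a key" remark above refer to, shown end to end. The file paths and the "username" value are constructed placeholders. Anyone who can read the key file can decrypt the password file, so the protection is only as strong as the ACL on the key file.

```powershell
# Added example. Both paths are hypothetical placeholders.
$AESKeyFilePath   = Join-Path $env:TEMP 'example-aes.key'
$PasswordFilePath = Join-Path $env:TEMP 'example-password.txt'

# Generate a random 256-bit AES key with a cryptographic RNG.
$AESKey = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($AESKey)
$rng.Dispose()

# Any existing key file will be overwritten (one byte value per line).
Set-Content -Path $AESKeyFilePath -Value $AESKey

# Lock down the key file: drop inherited entries and leave access
# to the current user only. Grant further readers explicitly if needed.
$acl = Get-Acl -Path $AESKeyFilePath
$acl.SetAccessRuleProtection($true, $false)   # protect, discard inherited ACEs
$identity = "$env:USERDOMAIN\$env:USERNAME"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $identity, 'FullControl', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $AESKeyFilePath -AclObject $acl

# Encrypt with the key instead of DPAPI, so the result is not bound
# to this user account and machine.
$SecureString = Read-Host -Prompt "Enter your Password" -AsSecureString
ConvertFrom-SecureString -SecureString $SecureString -Key $AESKey |
    Set-Content -Path $PasswordFilePath

# Later, from any account that can read both files:
[byte[]]$Key = Get-Content -Path $AESKeyFilePath
$Restored = Get-Content -Path $PasswordFilePath |
    ConvertTo-SecureString -Key $Key

# "username" is a placeholder; the password stays a SecureString throughout.
$Credential = New-Object System.Management.Automation.PSCredential `
    -ArgumentList "username", $Restored
```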
