DISCLAIMER:
I translated this article myself.
I do this for practice, but my level of English is not great, so I apologize for any mistakes it might contain.
If it is really not understandable at all, thank you for pointing it out so that I can improve ;-)
Information
This article was written for a French PowerShell User Group presentation.
You can find this presentation on YouTube: FRPSUG Channel
The different ways to use Credential ...
Initial request
Since I started with PowerShell, I very quickly asked myself how to manage credentials in my scripts.
From the simple need that can be handled in a basic way to the use of credentials in automated scripts, I looked for the best way to do it.
Processing the request
1. Get-Credential
The easiest way to use credentials is the built-in Get-Credential command:
$cred = Get-Credential -Message "Message show in the Popup" -UserName MyUser
The result is:
PS > $cred
UserName Password
-------- --------
MyUser System.Security.SecureString
This $cred variable can then be used, for example, in the following command:
Enter-PSSession -ComputerName MyComputer -Credential $cred
2. ConvertFrom-SecureString : storage on disk
Another solution, a bit more advanced, is to store the password in a file on your computer.
Naturally, this storage must be done in a secure way.
As before, the first step is to create the $Cred object:
$cred = Get-Credential -Message "Message show in the Popup" -UserName MyUser
The second step is to store the password in a file, in encrypted form.
For this we use the ConvertFrom-SecureString command:
$Cred.Password | ConvertFrom-SecureString | Out-File C:\temp\password.txt
In my file c:\temp\password.txt, the password looks like this:
01000000d08c9ddf0115d1118c7a00c04fc297eb0100000057670149ac674a41ad9d185a8a82724b0000000002000000000010660000000100002000000093aaaf1ed598a69bbfb4cc77e81dfeb2786f26db6184538833af18054ef1a8a3000000000e800000000200002000000098c97f4f344d0159f337966d55060ad3297cae7515938457a713ddd9eaac5cdf200000003d986891fb27cb3983f798082083ac734d97d6235a186d3cc43db26f63bd44684000000018620d4739c0a26a6261e8c9867e94605cd35c61090c982999d5bb09fb54ec7d9a3499ebeb304c67720edfa37a34fe7fd4bce8fd8468dbee5081f56c81f4ce46
To use this encrypted password, you must first decrypt it.
For that we use the ConvertTo-SecureString command, which returns a SecureString.
After that, with the decrypted password, we can create a new PSCredential object and use it:
$Username = "MyUser"
$SecurePassword = Get-Content c:\temp\password.txt | ConvertTo-SecureString
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword
PS > $cred
UserName Password
-------- --------
MyUser System.Security.SecureString
As in point 1, we have a $Cred object that we can use in the following command:
Enter-PSSession -ComputerName MyComputer -Credential $cred
3. Export-Clixml : storage on disk
The advantage of this method is that you can leverage the versatility of PowerShell to ensure that data is not only exported, but also stored securely using secure strings. Note that these credential files can only be opened by the same user on the same system.
To create the export file, we use the Export-Clixml command:
Get-Credential -Message "User's Password ?" -UserName MyUser | Export-Clixml -Path "c:\temp\user.xml"
In the file c:\temp\user.xml we can see the following information:
<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04">
<Obj RefId="0">
<TN RefId="0">
<T>System.Management.Automation.PSCredential</T>
<T>System.Object</T>
</TN>
<ToString>System.Management.Automation.PSCredential</ToString>
<Props>
<S N="UserName">MyUser</S>
<SS N="Password">01000000d08c9ddf0115d1118c7a00c04fc297eb0100000057670149ac674a41ad9d185a8a82724b00000000020000000000106600000001000020000000dadd8864c9b930a2eb07a6745ac4fb5711912c318c401f7e35bb91d4d1cc180b000000000e8000000002000020000000b5a862ba266c236357445b773ca38d73ed124cf82d863ac4c11e2b48d57fca4b2000000054180930ba9fd53a6c4bdd9d7f69c044c88072b0d411486bccc1ca3cca417bf440000000d6197eafe8a133235bd1b44e376c3ff02e94da9f39b7d24b9a68ef5dbd629e44180ce15c3e67830d758fa1296f60a98cb2371ef915990c921e728f44c72c4cbd</SS>
</Props>
</Obj>
</Objs>
To use this information, we use the reverse command, Import-Clixml:
$Cred = Import-Clixml -Path "c:\temp\user.xml"
Again we get back a $Cred object:
PS > $cred
UserName Password
-------- --------
MyUser System.Security.SecureString
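One way to wrap the Export-Clixml / Import-Clixml steps above, as an added example that is not part of the original article: it also restricts the file's ACL to the current user and reports a clear error when the file cannot be opened because it was created by another user or on another computer. The function names and the file location are hypothetical.

```powershell
# Added example. Save-StoredCredential and Get-StoredCredential are hypothetical names.
function Save-StoredCredential {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $Path
    )
    # On Windows the password is written as a DPAPI-protected string (the <SS> element).
    $Credential | Export-Clixml -Path $Path -Force

    # Defence in depth: stop inheriting permissions and grant access to the current user only.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-StoredCredential {
    param([Parameter(Mandatory)] [string] $Path)

    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        throw "Credential file not found: $Path"
    }
    try {
        $cred = Import-Clixml -Path $Path -ErrorAction Stop
    }
    catch {
        # Expected when the file was created by another user or on another computer.
        throw "Cannot import '$Path' as $env:USERNAME on $env:COMPUTERNAME. $($_.Exception.Message)"
    }
    if ($cred -isnot [pscredential]) {
        throw "'$Path' does not contain a PSCredential object."
    }
    $cred
}

# Usage: prompt once, then reuse the stored file on later runs.
$path = Join-Path $env:LOCALAPPDATA 'MyUser.cred.xml'   # hypothetical location
if (-not (Test-Path -Path $path)) {
    $new = Get-Credential -Message "User's Password ?" -UserName MyUser
    Save-StoredCredential -Credential $new -Path $path
}
$Cred = Get-StoredCredential -Path $path
Enter-PSSession -ComputerName MyComputer -Credential $Cred
```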
Today my preference is the third solution, using XML files.