Credentials: How to use them?

Laurent LIENHARD (irontux)

DISCLAIMER:
This article was translated by myself.
I do this to train, but my level of English is not great, so I apologize for any mistakes there might be.
If it is really not understandable at all, thank you for pointing it out so that I can improve myself ;-)

Information

This article was written for a French PowerShell User Group presentation.

You can find this presentation on YouTube: FRPSUG Channel

The different ways to use credentials

Initial request

Since I started with PowerShell, I very quickly asked myself the question of how to manage credentials in my scripts.

From the simple need that can be handled in a basic way to the use of credentials in automated scripts, I looked for the best way to do it.

Processing the request

1. Get-Credential

The easiest way to use credentials is the basic PowerShell command Get-Credential:

$cred = Get-Credential -Message "Message show in the Popup" -UserName MyUser

The result is:

PS > $cred

UserName                     Password
--------                     --------
MyUser   System.Security.SecureString

This $cred variable can then be used, for example, in the following command:

Enter-PSSession -ComputerName MyComputer -Credential $cred

2. ConvertFrom-SecureString : storage on disk

Another solution, a bit more advanced, is to store the password in a file on your computer.

Naturally, this storage must be done in a secure way.
As before, the first step is to create the $Cred object:

$cred = Get-Credential -Message "Message show in the Popup" -UserName MyUser

The second step is to store the password in a file, but encrypted.
For this we use the ConvertFrom-SecureString command:

$Cred.Password | ConvertFrom-SecureString | Out-File C:\temp\password.txt

In my file c:\temp\password.txt, my password is seen like this

01000000d08c9ddf0115d1118c7a00c04fc297eb0100000057670149ac674a41ad9d185a8a82724b0000000002000000000010660000000100002000000093aaaf1ed598a69bbfb4cc77e81dfeb2786f26db6184538833af18054ef1a8a3000000000e800000000200002000000098c97f4f344d0159f337966d55060ad3297cae7515938457a713ddd9eaac5cdf200000003d986891fb27cb3983f798082083ac734d97d6235a186d3cc43db26f63bd44684000000018620d4739c0a26a6261e8c9867e94605cd35c61090c982999d5bb09fb54ec7d9a3499ebeb304c67720edfa37a34fe7fd4bce8fd8468dbee5081f56c81f4ce46

To use this encrypted password, you must first convert it back into a SecureString.
For that we use the ConvertTo-SecureString command.
After that, with the resulting SecureString, we can build a new PSCredential object and use it:

$Username = "MyUser"
$SecurePassword = Get-Content c:\temp\password.txt | ConvertTo-SecureString
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword

PS > $cred

UserName                     Password
--------                     --------
MyUser   System.Security.SecureString

As in point 1, we have a $Cred object that we can use in the following command:

Enter-PSSession -ComputerName MyComputer -Credential $cred

3. Export-Clixml : storage on disk

The advantage of this method is that you can leverage the versatility of PowerShell to ensure that data is not only exported, but also stored securely using secure strings. It should be noted that these credential files can only be opened by the same user on the same system.

To create the export file, we use the Export-Clixml command:

Get-Credential -Message "User's Password ?" -UserName MyUser | Export-Clixml -Path "c:\temp\user.xml"

In the file c:\temp\user.xml we can see the following information

<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04">
  <Obj RefId="0">
    <TN RefId="0">
      <T>System.Management.Automation.PSCredential</T>
      <T>System.Object</T>
    </TN>
    <ToString>System.Management.Automation.PSCredential</ToString>
    <Props>
      <S N="UserName">MyUser</S>
      <SS N="Password">01000000d08c9ddf0115d1118c7a00c04fc297eb0100000057670149ac674a41ad9d185a8a82724b00000000020000000000106600000001000020000000dadd8864c9b930a2eb07a6745ac4fb5711912c318c401f7e35bb91d4d1cc180b000000000e8000000002000020000000b5a862ba266c236357445b773ca38d73ed124cf82d863ac4c11e2b48d57fca4b2000000054180930ba9fd53a6c4bdd9d7f69c044c88072b0d411486bccc1ca3cca417bf440000000d6197eafe8a133235bd1b44e376c3ff02e94da9f39b7d24b9a68ef5dbd629e44180ce15c3e67830d758fa1296f60a98cb2371ef915990c921e728f44c72c4cbd</SS>
    </Props>
  </Obj>
</Objs>

To use this information, we must use the reverse command, Import-Clixml:

$Cred = Import-Clixml -Path "c:\temp\user.xml"

Again we get back a $Cred object:

PS > $cred

UserName                     Password
--------                     --------
MyUser   System.Security.SecureString

Today my preference is the third solution, with the use of XML files.
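The following is an added example, not code from the original article: it wraps the Export-Clixml / Import-Clixml round trip from point 3 in one function and handles the case where the file cannot be opened because it was created by another user or on another system. On Windows, both this method and the ConvertFrom-SecureString file from point 2 rely on DPAPI, which is where that restriction comes from. The function name Get-StoredCredential and the default folder under %LOCALAPPDATA% are assumptions made for the example.

```powershell
# Added example. Get-StoredCredential is a hypothetical helper name, not a built-in cmdlet.
function Get-StoredCredential {
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCredential])]
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [string] $Path   # optional; the default below is an assumed per-user location
    )

    # Export-Clixml only encrypts the password on Windows (DPAPI). On Linux and
    # macOS the password is merely obfuscated, so refuse to write it there.
    if ($PSVersionTable.PSEdition -eq 'Core' -and -not $IsWindows) {
        throw 'Export-Clixml does not encrypt credentials on this platform.'
    }
    if (-not $Path) {
        $safeName = $UserName -replace '[\\/:*?"<>|]', '_'
        $Path = Join-Path $env:LOCALAPPDATA "Credentials\$safeName.xml"
    }

    if (Test-Path -LiteralPath $Path) {
        try {
            $cred = Import-Clixml -LiteralPath $Path -ErrorAction Stop
            if ($cred -is [System.Management.Automation.PSCredential]) { return $cred }
            Write-Warning "$Path does not contain a PSCredential; asking again."
        }
        catch {
            # Typical cause: the file was created by another user or on another
            # computer, so the password cannot be decrypted here.
            Write-Warning "Cannot read $Path ($($_.Exception.Message)); asking again."
        }
    }

    $cred = Get-Credential -Message "Password for $UserName ?" -UserName $UserName
    if (-not $cred) { throw 'No credential was entered.' }

    $folder = Split-Path -Path $Path -Parent
    if (-not (Test-Path -LiteralPath $folder)) {
        New-Item -ItemType Directory -Path $folder -Force | Out-Null
    }
    $cred | Export-Clixml -LiteralPath $Path -Force
    return $cred
}

# Usage in a script, with the article's placeholder names:
# $cred = Get-StoredCredential -UserName MyUser
# Enter-PSSession -ComputerName MyComputer -Credential $cred
```

A scheduled task must run under the same account that created the file; otherwise the import fails and the function falls back to the interactive prompt.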
