Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Explain secure password Encryption with PowerShell.
Many times we need to use passwords in PowerShell and need to pass it to the credential parameter and a password should be always a secure string, not a plain text. There are few methods to encrypt the password as mentioned below.
a) Get-Credential Format
We have one method where we can store the username and password is through cmdlet Get-Credential. It will provide a GUI prompt. You can store this password into a variable and use it later in the command.
$cred = Get-Credential
Credentials are stored into $cred variable. Here is the value of the variable. output below.
PS C:\WINDOWS\system32> $cred UserName Password -------- -------- test System.Security.SecureString
You can see the password is stored in the secure string. You can use the above variable with the credential parameter that cmdlet supports.
For example,
Invoke-Command -ComputerName Test-PC -ScriptBlock {Get-Service} -
Credential $credYou can see how this password looks in encrypted form and for that, you need to use ConvertFrom-SecureString command.
PS C:\WINDOWS\system32> $cred.Password | ConvertFrom-SecureString 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fe83583138f0ce4bb0e3654f0529948100000000020000000000 106600000001000020000000cf8760de4e2ca7a28c8efd055c578dc7779f3984f25c1f9bc8c7a8ec50d97aa1000000000e80 00000002000020000000fb33efe90790e302ee738ad245b0b256d34e49728a08dfd2ef524da22f9bccaf100000003cf7a899 ea4c75edd7b4e418351f686040000000b21de677725588fb8f8bd589de058247171c103b48a50d06f152f25c8196935ca78f f7b1909bc5e76ad5c9cf1e2df497769aed3c1bb2f4035c26e6bdd7aa3875
b) Secure String Format
Another method to get the password in the secure string is to use the Read-Host command with –AsSecureString parameter.
PS C:\WINDOWS\system32> $passwd = Read-Host "Enter Password" -AsSecureString Enter Password: *******
You can use this password directly in the cmdlets that support the Credential parameter by creating a new PSCredential object as shown in the below example.
$username = Read-Host "Enter UserName" $passwd = Read-Host "Enter Password" -AsSecureString $creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,$passwd Connect-VIServer -Server TestvCenter.lab -Credential $creds
When you check this password variable, it is also in the Secure.String format and again you can retrieve the encrypted password with ConvertFrom-SecureString pipeline command.
PS C:\WINDOWS\system32> $passwd System.Security.SecureString PS C:\WINDOWS\system32> $passwd | ConvertFrom-SecureString 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fe83583138f0ce4bb0e3654f05299481000000000200000000001 06600000001000020000000d5439c95404cc4e81dbb83b557e58cec12b5047e441b22bd3dabca96bc231d39000000000e8000 000002000020000000a9c2b95f3363ecbd46beaf927a1779ff2f43e17fb0e3aadf0d2c9c3dedc5fb1e10000000439a72d5bd9 97aacd529f49425909151400000008ad5e497b74e054e21ea1232c6ae45a64af302d91df09c0768eacd57b08f6b86f9bc4244 75c2e14173edd287e8a9304c570104475d09ebd9ab4c419167222260
Once your password string is secured, you can use directly it for the password. You don’t need to get the encrypted password with ConvertFrom-SecureString. It is just to see the password secure string.
c) Clear text format
What if the password is in the clear text format, you can use the clear text password directly in the command which supports the Password parameter but the below method is not recommended as it is in the clear text format and it can cause a major security breach. See the example below.
Connect-VIServer -Server TestvCenter.lab -User "Testadmin" - Password "PowerShell"
You can convert the clear text password into a secure string format. This is useful when you have a password text file placed in a secure location and PowerShell need to use the password without cleartext. The process is shown below.
$passwd = "Test@123" | ConvertTo-SecureString -AsPlainText -Force
PS C:\WINDOWS\system32> $passwd System.Security.SecureString
Now our password is secured and we can use it as a password in our credential. Here, we are connecting vCenter server named TestvCenter.lab with $cred parameter.
$creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList “test”,$passwd Connect-VIServer -Server TestvCenter.lab -Credential $creds
You can see the encrypted password with the method below. It is in the text encoded format, not the original password.
PS C:\WINDOWS\system32> $passwd | ConvertFrom-SecureString 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fe83583138f0ce4bb0e3654f052994810000000002 0000000000106600000001000020000000358daf9fec158cf68ccf5e06bf0eb829953553f5e703df2ce0d97e8a 95f5761f000000000e8000000002000020000000cf65dea31f8f4082392f958cd836b22cff2b6d86c3ab29d235 2f56aa757300b520000000f9626238a73c899ebf61bd935651a8deb391e2615164779d461c679ad04bc1264000 00007050962ea9d8c67f051b9fcbdbee953dffa2cc2377905911814a8d87d3e7678914a3e0292cb24977767881 6391919c5518d6251a78f87b6efd990cb3eabe96e4
If you need to store this password in the file then you can use the above command.
PS C:\WINDOWS\system32> $passwd | ConvertFrom-SecureString | Out-File C:\Passwd.txt
But when you are retrieving back your password, you need to convert again to the Secure string format because the credential parameter only accepts the secure strings.
PS C:\WINDOWS\system32> $passwd = (Get-Content C:\Passwd.txt) | ConvertTo-SecureString
PS C:\WINDOWS\system32> $passwd System.Security.SecureString
You can use this password in the credential parameter of the supported cmdlets.
289 Views
