DEV Community

Laurent LIENHARD for FrPSUG

Posted on

4

Credential : How to use them ?

DISCLAIMER :
This article is translated by myself.
I do this to train but my level of English is not great so I apologize for any mistakes they might have.
If really it's not understandable at all thank you for pointing it out so that I can improve myself ;-)

Information

This article was written for a French Powershell UserGroup presentation.

You can find this presentation on Youtube : FRPSUG Channel

The different ways to use Credential ...

Initial request

Since I started on PowerShell, I very quickly asked the question of the management of credentials in my scripts

From the simple need that may be handled in a basic way to the use of credentials in automatic scripts I looked for the best way to do it.

Processing the request

1. Get-Credential

The easiest way to use credentials is to use the basic PowerShell command

$cred = Get-Credential -Message "Message show in the Popup" -UserName MyUser
Enter fullscreen mode Exit fullscreen mode

the result is

PS > $cred

UserName                           Password
--------                           --------
MyUser System.Security.SecureString
Enter fullscreen mode Exit fullscreen mode

This variable $cred can be used for example in the following command

Enter-PSSession -ComputerName MyComputer -Credential $cred
Enter fullscreen mode Exit fullscreen mode

2. ConvertFrom-SecureString : storage on disk

An another solution, a bit more advanced, is to store password in a file on your computer.

Naturally this storage must be done in a secure way.
As before, the first step is create the $Credobject

$cred = Get-Credential -Message "Message show in the Popup" -UserName MyUser
Enter fullscreen mode Exit fullscreen mode

Second step is store the password in file but encrypted
For this we used the ConvertFrom-SecureStringcommand

$Cred.Password | ConvertFrom-SecureString | Out-File C:\temp\password.txt
Enter fullscreen mode Exit fullscreen mode

In my file c:\temp\password.txt, my password is seen like this

01000000d08c9ddf0115d1118c7a00c04fc297eb0100000057670149ac674a41ad9d185a8a82724b0000000002000000000010660000000100002000000093aaaf1ed598a69bbfb4cc77e81dfeb2786f26db6184538833af18054ef1a8a3000000000e800000000200002000000098c97f4f344d0159f337966d55060ad3297cae7515938457a713ddd9eaac5cdf200000003d986891fb27cb3983f798082083ac734d97d6235a186d3cc43db26f63bd44684000000018620d4739c0a26a6261e8c9867e94605cd35c61090c982999d5bb09fb54ec7d9a3499ebeb304c67720edfa37a34fe7fd4bce8fd8468dbee5081f56c81f4ce46
Enter fullscreen mode Exit fullscreen mode

To use this encrypted password, you must first decrypt it.
For that we will used the ConvertTo-SecureString command
After that, with the decrypted password, we can make a new PSCredential object and use it

$Username = "MyUser"
$SecurePassword = Get-Content c:\temp\password.txt | ConvertTo-SecureString
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword
Enter fullscreen mode Exit fullscreen mode
PS > $cred

UserName                           Password
--------                           --------
MyUser System.Security.SecureString
Enter fullscreen mode Exit fullscreen mode

As in point 1, we have a object $Cred that we can use in the follow script

Enter-PSSession -ComputerName MyComputer -Credential $cred
Enter fullscreen mode Exit fullscreen mode

3. Export-Clixml : storage on disk

The advantage of this method is that you can leverage the versatility of PowerShell to ensure that data is not only exported, but also stored securely using secure strings. It should be noted that these credentials files can only be opened by the same user on the same system.

To create the export file, we will used the Export-Clixml command

get-credential -message "User's Password ?" -UserName MyUser | Export-Clixml -Path "c:\temp\user.xml"
Enter fullscreen mode Exit fullscreen mode

In the file c:\temp\user.xml we can see the following information

<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04">
  <Obj RefId="0">
    <TN RefId="0">
      <T>System.Management.Automation.PSCredential</T>
      <T>System.Object</T>
    </TN>
    <ToString>System.Management.Automation.PSCredential</ToString>
    <Props>
      <S N="UserName">MyUser</S>
      <SS N="Password">01000000d08c9ddf0115d1118c7a00c04fc297eb0100000057670149ac674a41ad9d185a8a82724b00000000020000000000106600000001000020000000dadd8864c9b930a2eb07a6745ac4fb5711912c318c401f7e35bb91d4d1cc180b000000000e8000000002000020000000b5a862ba266c236357445b773ca38d73ed124cf82d863ac4c11e2b48d57fca4b2000000054180930ba9fd53a6c4bdd9d7f69c044c88072b0d411486bccc1ca3cca417bf440000000d6197eafe8a133235bd1b44e376c3ff02e94da9f39b7d24b9a68ef5dbd629e44180ce15c3e67830d758fa1296f60a98cb2371ef915990c921e728f44c72c4cbd</SS>
    </Props>
  </Obj>
</Objs>
Enter fullscreen mode Exit fullscreen mode

To use this information, we must use the reverse command Import-Clixml

 $Cred = Import-Clixml -Path "c:\temp\user.xml"
Enter fullscreen mode Exit fullscreen mode

again we are recovering an object $Cred

PS > $cred

UserName                           Password
--------                           --------
MyUser System.Security.SecureString
Enter fullscreen mode Exit fullscreen mode

Today my preference is the third solution with the use of XML files

Speedy emails, satisfied customers

Postmark Image

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

👋 Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay