cancel
Showing results for 
Search instead for 
Did you mean: 

Keeping API usernames/password secret in a command script

ncarmichael
Rising Star II

Some of my PowerShell scripts callout out to things like the Amazon API

How are people tackling keeping usernames/passwords/keys secret for these scripts?

For example, they can be exported in an encrypted form to a companion file (that JC also delivers)

Interested to hear what others have found works well (and what doesn't)

 

 

3 REPLIES 3

rlyons
Rising Star III

This is a good start.

https://community.spiceworks.com/how_to/157096-how-to-create-a-secure-credential-file-for-use-with-p...

Basically, create an encrypted credential file (as a bonus, place it in a location that only admins can get to), then use the get-credential commandlet to set your credential variables, then use those variables in the script to have it dynamically place the logins at runtime where you need them.

Here's a couple of example links and such:

https://community.spiceworks.com/how_to/157096-how-to-create-a-secure-credential-file-for-use-with-p...

https://interworks.com/blog/trhymer/2013/07/08/powershell-how-encrypt-and-store-credentials-securely... 

rlyons
Rising Star III

Interesting. I moved around the links yet when I posted this reply, it still had those top two lines..... Editing on this forum in macOS MS Edge is kinda strange....

Interesting, do you find the file-thing works, the first comment on the article you linked says "it must be created on the PC on which the script will be run." which in a  jumpcloud running it across multiple-machines will not be the case?