Showing results for 
Search instead for 
Did you mean: 

Keeping API usernames/password secret in a command script

Rising Star II

Some of my PowerShell scripts callout out to things like the Amazon API

How are people tackling keeping usernames/passwords/keys secret for these scripts?

For example, they can be exported in an encrypted form to a companion file (that JC also delivers)

Interested to hear what others have found works well (and what doesn't)




Rising Star III

This is a good start.

Basically, create an encrypted credential file (as a bonus, place it in a location that only admins can get to), then use the get-credential commandlet to set your credential variables, then use those variables in the script to have it dynamically place the logins at runtime where you need them.

Here's a couple of example links and such: 

Rising Star III

Interesting. I moved around the links yet when I posted this reply, it still had those top two lines..... Editing on this forum in macOS MS Edge is kinda strange....

Interesting, do you find the file-thing works, the first comment on the article you linked says "it must be created on the PC on which the script will be run." which in a  jumpcloud running it across multiple-machines will not be the case?