Storing Credentials securely

Hi together,

I have been asked many times how to securely store and use credentials / passwords in scripts. The simplest approach is to create a credential on a computer and export it via Export-Clixml, which makes use of SecureString and the native Windows Data Protection API (DPAPI), which is secure (take a look here). The downside is that you can decrypt the SecureString only on the computer and as the user that encrypted it.

Therefore I want to show you this simple but neat way to achieve this task on all computers. For this we simply use certificates, which you would preferably create with your own PKI and deploy with your management solution, to encrypt and decrypt the passwords.

What does this look like? As simple as this:

Install-Module ProtectedData

#Testing purpose
New-SelfSignedCertificate -Subject PowershellSec -KeyUsage KeyEncipherment -CertStoreLocation Cert:\CurrentUser\My 

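#Retrieving cert (first match only, in case the test certificate was created more than once)
$Cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object {$_.Subject -like '*PowershellSec*'} | Select-Object -First 1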

#Production
#$Cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.Subject -like 'CN=PowerShell Automation*'}

# Encrypt password and store it in a file.
Protect-Data 'Password' -Certificate $Cert | Export-Clixml .\encrypted.xml

# Decrypt password from file within script.
$PasswordToUse = Unprotect-Data (Import-Clixml .\encrypted.xml) -Certificate $Cert 

$PasswordToUse

Alternatively, you could also just use the built-in PowerShell cmdlets:
Protect-CmsMessage and Unprotect-CmsMessage
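
The same round trip with the built-in CMS cmdlets, as an added example that is not part of the original post. The subject name CN=PowershellSecCms, the file name encrypted.cms and the account CONTOSO\svc-automation are assumptions chosen for illustration.

```powershell
# Added example, not from the original post. Requires Windows PowerShell 5.0 or later.
# Assumed names: 'CN=PowershellSecCms', .\encrypted.cms, CONTOSO\svc-automation.

# Test only: CMS requires the Document Encryption EKU, which this certificate type sets.
$null = New-SelfSignedCertificate -Subject 'CN=PowershellSecCms' `
    -Type DocumentEncryptionCert `
    -KeyUsage DataEncipherment, KeyEncipherment `
    -CertStoreLocation Cert:\CurrentUser\My

# Pick exactly one certificate: document encryption capable and not expired.
$Cert = Get-ChildItem Cert:\CurrentUser\My -DocumentEncryptionCert |
    Where-Object { $_.Subject -eq 'CN=PowershellSecCms' -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $Cert) { throw 'No usable document encryption certificate found.' }

# Encrypt: only the public key is used, so this step also works on a machine
# that holds the certificate without its private key.
$Plain = 'Password'   # constructed sample value, as in the post
Protect-CmsMessage -To $Cert -Content $Plain -OutFile .\encrypted.cms

# Decrypt: succeeds only where the matching private key is installed.
$PasswordToUse = Unprotect-CmsMessage -Path .\encrypted.cms -ErrorAction Stop

# Build a credential object for -Credential parameters, then drop the plaintext copies.
$Secure = ConvertTo-SecureString $PasswordToUse -AsPlainText -Force
$Credential = [pscredential]::new('CONTOSO\svc-automation', $Secure)
Remove-Variable Plain, PasswordToUse
$Credential.UserName
```

The encrypted file is only as well protected as the certificate's private key, so restrict which accounts can read that key on every machine it is deployed to.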

Happy using!

David

PSConfEU 2017 – materials


Hi there !

And again – a fantastic Powershell Conference managed by Tobias Weltner is now over!

The session materials can be found here:

https://github.com/psconfeu/2017

The video material can be found here:

powershell.video

In addition, I will also write some blog posts about my sessions. In one of these I will explain PowerShell security in depth! Stay tuned!

David

How important is scripting? Why Powershell?

Here we are, speaking about a topic that all companies should have discussed and implemented years ago, but most of them didn't. I will show you with some examples why you should change your mind, and even if you're on the right train, there are still ways to improve.

Why scripting

Most companies think of scripting and automation as cryptic hieroglyphics that only software developer gurus can handle. This is just a self-protecting lie to avoid being forced to learn something new. Scripting (regardless of which language you use) is built up logically, and every IT administrator or IT-adept person can learn and master it. But if you still doubt this thesis, you should take a look at the pros of scripting:

How I work.

Adam Bertram started this GitHub site inspired by the Lifehacker “How I Work” series, and Thom asked me to also post a page of my own. So – here we go!

Where are you located?:

Microsoft Office in Munich, Germany, but I actually live in Ingolstadt.

What is/are your current gig(s):

Well, I work for Microsoft as a Premier Field Engineer and it's fun!
But what is this job role about?
Some people think that I am just a more expensive consultant… other people can't even imagine anything… so I will say a few words about my job role.

PSConfAsia 2016 SessionMaterial


Hi together,

I spent the last few days in Singapore at PSConfAsia 2016 and had 3 sessions:

  • Powershell GUI with XAML
  • PS Centralised Repo Server
  • Setting up JEA effectively

It has been a great event with great speakers. For those interested, I have attached the material from my 3 slots 😉 here

Video material is going to follow.

Best regards,

David