Credential Secure
How to Secure Credential to use it during Scripting Powershell or PowerCli. I use two functions Export-CliXml and Import-CliXml
1. Export-CliXml
The Export-CliXml cmdlet creates an XML-based representation of an object or objects and stores it in a file. You can then use the Import-Clixml cmdlet to re-create the saved object based on the contents of that file
The Export-CliXml cmdlet encrypts credential objects by using the Windows Data Protection API . This ensures that only your user account can decrypt the contents of the credential object.
2. Import-CliXml
The Import-CliXml cmdlet imports a CLIXML file with data that represents Microsoft .NET Framework objects and creates the objects in Windows PowerShell.
A valuable use of Import-CliXml is to import credentials and secure strings that have been exported as secure XML by running the Export-Clixml cmdlet
3. Increase security with AES
During the process I decide to create an AES Key for encrypt password and it’s export with Export-CliXml. How to create an AES Key with PowerShell.
$Key = New-Object Byte[] 16 # You can use 16, 24, or 32 for AES
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key
4. Secure Password AES
This Powershell application generate two Files the first file is the AES.key and the second account_Creds.xml contain the credential exported and the password is encrypted by the AES.key
In the Object User I combined the username and the Host seperate with #.
To be sure that no information has been changed since their creation I recover their Hash and it is stored in the system registry in the location Computer\HKEY_CURRENT_USER\Software\JM2K69\StormShield
| Author | Products |
|---|---|
| JM2K69 | StormShield |
| JM2K69 | vSphereLab |
| JM2K69 | PhotonOS (DockerLab) |
If you want to use the source is on my Github
Written by Jérôme Bezet-Torres @JM2K69.