Let's Share

My personal place to share knowledge about Sitecore, Powershell, Amazon Web Services and .NET

parallax image

A simple credentials store for Powershell scripts.

posted by Robert Senktas   | 05-06-2017

Introduction

When working with Powershell scripts, you often need to use credentials for different servers or services. Username and password data is sensitive and must be stored in encrypted form. To make things easier for me, I wrote a simple "CredentailsStore" module that helps me control sensitive data. Idea is very simple - I create an array that contains three parameters - key, username and password. All data outside the key is obviously encrypted using the Windows Data Protection API (DPAPI).
An array of credentials can be saved in a CSV file. When later I need credentials in my scripts for any server or service I load data from a CSV file. I use ConvertFrom-SecureString and ConvertTo-SecureString to encrypt and decrypt data.
A simple credentials store is a part of my Sitecore Automation Module available on PowerShell Gallery. The module export the followings functions:

  • New-StoredCredential
  • Get-StoredCredential
  • TryGet-StoredCredential
  • ConvertTo-PlainText
  • Import-CredentialStore
  • Export-CredentialStore

A function New-StoredCredential can ask for credentials if you do not pass Username and Password parameters. Then GUI will be displayed. To dispalay GUI and get credentials the function Get-Credential is used.
Ask for credentials

You can also pass credentials as parameters.

New-StoredCredential -Key "SMTP-Server" -Username "SMTP-User" -Password "password"
New-StoredCredential -Key "SQL-Server" -Username "SQL-User" -Password "password"

Persistence

The most important part is a make credential storage persistent. I want to create a storage once and use credentials in my scripts. There are two functions to help me with this task - Export-CredentialStore and Import-CredentialStore. An Export-CredentialStore function will save my credentials store to the CSV file. In other scripts I just need to call an Import-CredentialStore function to get access to stored credentials. As I mentined erlier username and password are encrypted using the Windows Data Protection API (DPAPI)

Tests

Sitecore-Automation module was tested with Pester. The tests source code is available on Bitbucket


The Road Map

From my perespective there is a missing important functionality - a credential store migration. The following use case will be implemented soon. I want to create a credential store on my local computer and then I want to deploy this file to my servers. In this case I have to encrypt a CSV file with a temporary key and then on local server decrypt a file and then encrypt with a local server key.


An example how to use a simple credential store.

Powershell Credentials Username Password Pester
This is a personal blog. All opinions here are my own opinions and do not represent my employer’s view in anyway.

Sitecore Automation Module