When working with PowerShell scripts, you often need to use credentials for different servers or services. Username and password data is sensitive and must be stored in encrypted form. To make things easier for me, I wrote a simple "CredentailsStore" module that helps me control sensitive data. The idea is very simple: I create an array that contains three parameters: key, username and password. All data except the key is obviously encrypted using the Windows Data Protection API (DPAPI).
An array of credentials can be saved in a CSV file. When I later need credentials in my scripts for any server or service, I load the data from the CSV file. I use ConvertFrom-SecureString and ConvertTo-SecureString to encrypt and decrypt data.
The simple credentials store is part of my Sitecore Automation Module, available on the PowerShell Gallery. The module exports the following functions:
The New-StoredCredential function can ask for credentials if you do not pass the Username and Password parameters. In that case a GUI is displayed. The Get-Credential function is used to display the GUI and get the credentials.
You can also pass credentials as parameters.
New-StoredCredential -Key "SMTP-Server" -Username "SMTP-User" -Password "password"
New-StoredCredential -Key "SQL-Server" -Username "SQL-User" -Password "password"
The most important part is making the credential storage persistent. I want to create the storage once and use the credentials in my scripts. There are two functions to help me with this task: Export-CredentialStore and Import-CredentialStore. The Export-CredentialStore function saves my credentials store to a CSV file. In other scripts I just need to call the Import-CredentialStore function to get access to the stored credentials. As I mentioned earlier, the username and password are encrypted using the Windows Data Protection API (DPAPI).
From my perspective, an important piece of functionality is missing: credential store migration. The following use case will be implemented soon. I want to create a credential store on my local computer and then deploy this file to my servers. In this case I have to encrypt the CSV file with a temporary key, then decrypt the file on the server and encrypt it again with the local server key.
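One way the migration described above could work, as an added example that is not code from the Sitecore Automation Module. The function name Convert-StoreProtection, the CSV column names Key, Username and Password, and the file paths are assumptions made for the illustration; the sample values are constructed.

```powershell
# Added example; Convert-StoreProtection and the CSV column names are
# hypothetical, not the module's API. Windows only (DPAPI).
function Convert-StoreProtection {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Destination,
        [byte[]] $FromKey,  # omitted: input rows are DPAPI-protected
        [byte[]] $ToKey     # omitted: output rows are DPAPI-protected
    )
    # Splat -Key only when an AES key was supplied; without it the
    # SecureString cmdlets use DPAPI (current user on this machine).
    $from = @{}; if ($PSBoundParameters.ContainsKey('FromKey')) { $from.Key = $FromKey }
    $to   = @{}; if ($PSBoundParameters.ContainsKey('ToKey'))   { $to.Key   = $ToKey }

    Import-Csv -Path $Path | ForEach-Object {
        $out = [ordered]@{ Key = $_.Key }
        foreach ($field in 'Username', 'Password') {
            # Plaintext stays inside a SecureString during re-encryption.
            $secure = ConvertTo-SecureString -String $_.$field @from
            $out[$field] = ConvertFrom-SecureString -SecureString $secure @to
        }
        [pscustomobject]$out
    } | Export-Csv -Path $Destination -NoTypeInformation
}

# --- Constructed sample store (placeholder values, not real credentials) ---
$dir = Join-Path $env:TEMP 'credstore-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
[pscustomobject]@{
    Key      = 'SMTP-Server'
    Username = ConvertTo-SecureString 'SMTP-User' -AsPlainText -Force | ConvertFrom-SecureString
    Password = ConvertTo-SecureString 'password'  -AsPlainText -Force | ConvertFrom-SecureString
} | Export-Csv -Path (Join-Path $dir 'local.csv') -NoTypeInformation

# Temporary 256-bit AES key: send it separately from the CSV, discard after import.
$tempKey = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($tempKey)

# On the local computer: DPAPI -> temporary key.
Convert-StoreProtection -Path "$dir\local.csv" -Destination "$dir\transport.csv" -ToKey $tempKey
# On the server, under the account that runs the scripts: temporary key -> DPAPI.
Convert-StoreProtection -Path "$dir\transport.csv" -Destination "$dir\server.csv" -FromKey $tempKey

# Rebuild a PSCredential from the migrated store.
$row  = Import-Csv "$dir\server.csv" | Where-Object Key -eq 'SMTP-Server'
$user = [System.Net.NetworkCredential]::new('', (ConvertTo-SecureString $row.Username)).Password
$cred = [pscredential]::new($user, (ConvertTo-SecureString $row.Password))
$cred.UserName
```

While the store is in transit, anyone holding both the transport CSV and the temporary key can read it, so the two should travel over different channels. The final conversion has to run as the same Windows account that will later import the store, because DPAPI ties the result to that user and machine.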