

You appear to be passing the result of ConvertFrom-SecureString. A while later I went to check on my target nodes and realized I couldn’t without pushing out a new MOF file. You are close, but the parameter you pass to SecureStringToBSTR must be a SecureString. This wasn’t something I thought about before I used PsDscRunAsCredential on all the resources in my configuration. Creating PSCredential objects with the Get-Credential cmdlet.
#Get plain text from pscredential code#
The user name is also entered as plain text in the script here. Application pass the Authorization code to Azure AD Token Endpoint to get various token like id, access and refresh tokens For fetching the user details.
#Get plain text from pscredential password#
Now that the MOF file contains the new password you are able to check in on your current configuration again. Another disadvantage is that the text file must be accessible during execution, which makes it impossible to delegate scripts. Once this MOF file has been generated you’ll push it out to your target node. To fix this you must rerun your configuration, which will in turn generate a new MOF file that contains the new password. If the password you used for the PsDscRunAsCredentials property has changed since the MOF file was enacted you’ll get the following errors when you try and run Get-DscConfiguration or Test-DscConfiguration. You can run a couple of commands to check your current configuration that compare the desired state, defined in the current.mof file, to the nodes current state. The credentials, including the password (hopefully encrypted by a certificate!), are within the file. This method requires a plain text password, which might violate the security standards in some enterprises.

/Sendmessage-59f9e9dd22fa3a001904d99e.jpg)
Once you push your MOF file out to the target node and it is enacted, the MOF remains on the target node in a designated folder and is named current.mof. Warning 2: Changing the password used in a MOF file Once we run this we’ll see our MOF file has been successfully generated. To skirt around this issue in test we can add a configuration property that basically forces us to accept we know this is a bad idea, but we’re going for it anyway.ĭtcServiceRunning -Output. Using the -AsSecureString cmdlet switch you can encrypt the text as shown below. Read-Host -AsSecureString deploypassword ConvertTo-PlainText pwd pw. The correct way to handle this issue is to generate a certificate and use that to encrypt the MOF file, a topic I will blog about one day soon. However, if you are the one who asked for the secure string in the first place, you can easily convert it back into plain text with this clever trick: txt PSCredential::new('X', Password).GetNetworkCredential().Password txt. By default, when you save a password as a variable the password is saved as a plain text and it is not secure. How do I get the credentials (token) and pass it to the commands something. When you run your configuration, DtcServiceRunning in my example, a MOF file is generated and with our current setup the passwords will be stored in plain text (you can read more about generating MOF files here). This a pretty old one but a script block at times I revert back to in particular when there is a requirement to specify user credentials in order to complete a task. The ConvertTo-SecureString cmdlet converts the password into a System.Security. Warning 1: Plain Text PasswordsĪlthough it feels like you are handling the credential securely, when you run the code above you will get an error explaining that storing passwords in plain text is a bad idea. With the password in plain text, we know we need to encrypt the password here. When you use credentials in your configurations there are a couple of gotchas- we’ll talk through these next. “TwitterSecret” = $(Get-PWfromCredFile “.\TwitterSecret.Import-DscResource -ModuleName PSDesiredStateConfiguration “GoogClientSecret” = $(Get-PWfromCredFile “.\GoogClientSecret.credential”) than the PsCredential class because it stores the user's password in plain text. $AppSettings = $(Get-PWfromCredFile “.\FB_AppSecret.credential”) To request a credential from the user, use the Get-Credential cmdlet. # Sample Uses: Read in Cred File to populate app settings array … Write-host $(Get-PWFromCredFile “.\FB_AppSecret.credential”) $myVar = Get-PWFromCredFile(“.\FB_AppSecret.credential”) # Partner function of Get-PWCreateCredFile.ps1Īuthor: Dan Stolts – dstolts& – Ĭopy portion of script you want to use and paste into PowerShell (or ISE) a PSCredentials object and extract password by using the previous method. Purpose: Open and Read XML file with Secure Password stored.Ĭonverts Text Version of Secure String to Plain Text Strings are unsecure, they are stored in memory as plain text and most cmdlets.
