Best praxis for credentials

Hi,

So this is my first post in this forum, so let me introduce myself.

I’m a 50 year old IT technician with about 5 years of self-taught experience of PowerShell. I love automation and PowerShell is an awesome tool for me and I love it. I’m no expert in any way. So if I ask a silly question just bear that in mind, please. :wink:

On to my problem.

I’ve built a script that communicates with our Active Directory. But as the script is run from my computer at the moment, I need to add credentials. And as I am lazy I create a credentials object while developing, which means I set two strings, one for my userName and the other for the password. Well, that is kinda alright when I’m a lone dev and on my own machine and it’s not yet finished and mostly there for testing.

But once I release the script and put it on the automation server I need to have solved this somehow. I just don’t know how to do this; what’s the best praxis here?

Sure, I could create an admin account with an absurdly complicated long password. But it will still be human readable if someone opens the script. This to me is bad. So what can I do instead or is this the way to do it?

I have tried to find good videos about this on YouTube, but it doesn’t seem to be a popular topic.

So any tips, hints, guides or anything really will be highly appreciated.

Thanks!
Figeluren

Hi, welcome to the forum :wave:

What you need was formally released just a few months ago.

Check this out:

Very good to know, thanks Matt :slight_smile:

Sorry, I forgot to mention that we are on PowerShell 5… :stuck_out_tongue:

Best regards
Figeluren

Oh, it works in 5 as well… My bad. :smiley:

/Figeluren

I’m still curious though, how is this solved old-school-style?

/Figeluren

Usually by exporting the credential as a CLIXML file. This has limitations insofar as it can be used only by the user that created it on the computer it was created on, i.e. you’d have to log on to your automation server with the service account, then create and export the credential as the service account.
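
The CLIXML approach described in the reply above, as an added example (not code posted by anyone in this thread). The file path, the function names and the `Get-ADUser` call are assumptions for illustration; the ACL step is an extra hardening measure on top of the encryption.

```powershell
# Added example. Path and function names are hypothetical.
$CredPath = 'C:\Automation\Secrets\ad-svc.cred.xml'

# One-time setup: run interactively on the automation server while logged on
# as the service account that will later run the script.
function Export-ServiceCredential {
    param([Parameter(Mandatory)][string]$Path)

    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

    # Prompt for the password so it never appears in a script file.
    $cred = Get-Credential -Message 'Account used against Active Directory'

    # On Windows the password is DPAPI-encrypted for this user on this computer.
    $cred | Export-Clixml -Path $Path

    # Limit file access to the exporting account and drop inherited permissions.
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl  = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Every run: load the credential, failing clearly if the wrong account or machine is used.
function Import-ServiceCredential {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $cred = Import-Clixml -Path $Path -ErrorAction Stop
    } catch {
        throw ("Could not load '$Path' as $env:USERNAME on $env:COMPUTERNAME. " +
               "Re-export it as this account on this computer. ($($_.Exception.Message))")
    }
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "'$Path' does not contain a PSCredential."
    }
    $cred
}

# In the scheduled script (Get-ADUser is an assumed example of an AD call):
# $cred = Import-ServiceCredential -Path $CredPath
# Get-ADUser -Identity 'some.user' -Credential $cred
```

If the file is copied to another machine or read by another account, `Import-Clixml` fails to decrypt the password, which is the limitation the reply describes.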

Thank you so much. I’ll look into both just to learn new tricks. I would be surprised if I use the old school method in the end though. But it’s never a bad thing to have old-school stuff in your bag of tricks. =)

Best regards
/Figeluren