I’m trying to use DSC to maintain configuration on a handful of shared servers. My plan is to put my DSC scripts into Source Control so anyone on my team can edit the configuration and ‘push’ it from their own workstation. All the workstations as well as the servers themselves (the nodes) are running Windows 7.
Everything works great now, but my problem is that it puts my domain password in plain-text in the MOF file. I don’t anticipate ever checking those files into source control, but my teammates aren’t happy about code that puts their passwords into a plain-text file.
I looked into a few options. This page gives instructions, but it uses the ‘Export-Certificate’ function, which doesn’t seem to be available on Win7. It also seems like I could set DSC to run locally on the node (in Pull mode), but I don’t have anywhere to set up a Pull server.
So, are there any simple methods to encrypt my credentials so they’re not stored in clear text? Here’s my code right now, which works great (aside from the aforementioned storing of passwords in clear text in the MOF).
$ConfigurationData = @{
AllNodes = @(
@{
NodeName = "*" # Settings that apply to all nodes
PSDscAllowPlainTextPassword=$true
}
)
}
Configuration ManagedServers
{
param (
[Parameter(Mandatory = $true)] [PSCredential] $Credential
)
Node $AllNodes
{
Group Administrators
{
GroupName = "Administrators"
Ensure = "Present"
Members = "DOMAIN\User"
Credential = $Credential
}
}
}
ManagedServers -ConfigurationData $ConfigurationData -Credential (Get-Credential)