pre-encrypt credentials

I am trying to pass in pre-encrypted credentials, instead of DSC encrypting the actual username and password.

xWebAppPool someApool
{
    identityType = 'SpecificUser'
    Credential   = $Node.SomeEncryptedCredentail
}

I have a cert with private key on the webserver. I would like to encrypt the password there and then put the encrypted cred or password in source control.

The public key credential is on the local authoring machine. DSC can encrypt the MOF locally, no problem. DSC on the webserver can decrypt, no problem. But this requires me to have the password on the local authoring server. If possible, I only want to have the web encrypted password on the local server.

This would stop me having to store the web app pool credentials anywhere but the web server.

i.e. how to create MSFT_Credential without knowing the raw password on the authoring server:

instance of MSFT_Credential as $MSFT_Credential2ref
{
    Password = "-----BEGIN CMS-----blah blah blah==\n-----END CMS-----";
    UserName = "someUser";
};

That’s an interesting idea. I don’t think there’s a way to do it yet, but maybe you could write a script that allows the author to just use some bogus password, then modifies the MOF file afterward with the proper encrypted value.

In the future, maybe Microsoft could modify the DSC module so that it looks for passwords that match the CMS format, and just passes them through as-is.
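
One way to write the post-processing script suggested above (an added example, not code from this thread or from Microsoft). It assumes WMF 5, where the LCM decrypts the CMS format shown in the question and so accepts `Protect-CmsMessage` output; `Set-MofCredentialPassword`, its parameters and `apppool.cms` are hypothetical names.

```powershell
# Added example; Set-MofCredentialPassword and its parameter names are hypothetical.
# 1. On the web server, the only place the clear-text password is typed:
#      Protect-CmsMessage -To '<thumbprint>' -Content $clearText -OutFile .\apppool.cms
# 2. On the authoring machine, compile the configuration with CertificateFile and a
#    throwaway password, then run this function against the generated MOF.
function Set-MofCredentialPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $MofPath,
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [string] $CmsPath
    )

    # Accept only something that looks like a CMS message, never a raw password.
    $cmsLines = @(Get-Content -LiteralPath $CmsPath |
                  ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($cmsLines.Count -lt 3 -or $cmsLines[0] -ne '-----BEGIN CMS-----' -or
        $cmsLines[-1] -ne '-----END CMS-----') {
        throw "$CmsPath does not contain a CMS message."
    }
    # A MOF string literal carries a line break as the two characters \n.
    $mofValue = $cmsLines -join '\n'

    $mof = Get-Content -LiteralPath $MofPath -Raw
    # DSC writes this marker when it compiles a MOF with encrypted credentials.
    if ($mof -notmatch 'ContentType\s*=\s*"PasswordEncrypted"') {
        throw "$MofPath was not compiled with credential encryption."
    }

    # Assumes Password precedes UserName, as in the instance shown in the question.
    # MOF escapes the backslash in DOMAIN\user as \\.
    $user  = [regex]::Escape($UserName.Replace('\', '\\'))
    $regex = [regex]('(instance of MSFT_Credential as \$\w+\s*\{\s*Password\s*=\s*")' +
                     '[^"]*(";\s*UserName\s*=\s*"' + $user + '"\s*;)')
    $count = $regex.Matches($mof).Count
    if ($count -eq 0) {
        throw "No MSFT_Credential instance for '$UserName' found in $MofPath."
    }

    # Base64 and \n contain no '$', so the value is safe inside a replacement pattern.
    $patched = $regex.Replace($mof, '${1}' + $mofValue + '${2}')
    # Assumption: generated MOF files are UTF-16 LE, so write the same encoding back.
    Set-Content -LiteralPath $MofPath -Value $patched -Encoding Unicode -NoNewline
    Write-Verbose "Replaced $count credential instance(s) for '$UserName'."
}
```

If the MOF is published to a pull server, regenerate its checksum with `New-DscChecksum` after patching, since the file content has changed.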

Would this help (specifically the last part sample)?

https://msdn.microsoft.com/en-us/powershell/dsc/securemof#credential-encryption-module-example