pre-encrypt credentials

DSC
1

I am trying to pass in pre-encrpted credentails, instead of DSC encrypting actual username and password

xWebAppPool someApool { identityType='SpecificUser' Credential = $Node.SomeEncryptedCredentail }

I have a cert with private key on the webserver, I would like to encrypt the password there and them put the encrypted cred or password in source control.

The public key credential is on the local authoring machine. DSC can encrypt locally mof no problem. Dsc on the webserver can decrypt no problem. But this requires me to have the password on the local authoring server, If possible I only want have the Web enrypted password on the local server.

This would stop me having to store the web apppool credentials anywhere but the web server

i.e how to create MSFT_Credential without knowing the raw password on the authoring server

instance of MSFT_Credential as $MSFT_Credential2ref
{
Password = “-----BEGIN CMS-----blah blah blah==\n-----END CMS-----”;
UserName = “someUser”;
};

2

That’s an interesting idea. I don’t think there’s a way to do it yet, but maybe you could write a script that allows the author to just use some bogus password, then modifies the MOF file afterward with the proper encrypted value.

In the future, maybe Microsoft could modify the DSC module so that it looks for passwords that match the CMS format, and just pass them through as-is.

3

would this help (specifically the last part sample) ?

https://msdn.microsoft.com/en-us/powershell/dsc/securemof#credential-encryption-module-example