secure storing credentials

tdubb123 · ‎05-01-2023

I am trying to store vcenter creds securtely

so I use

$credential = get-credential

$credential | export-clixml vcenter_cred.cred

connect-viserver vc -credential (import-clixml vcenter_cred.cred) -force

is this secure or is there better way

LucD · ‎05-01-2023

Somewhat.

The issue with Export-CliXml is that it uses the Windows Data Protection API, which means only the user that created the file can decrypt the content on the same computer where the encryption was done.
If that fits your requirements, fine.

A better method, IMHO, is using the SecretManagement and SecretStore modules.

The SecretManagement module lets you use other vaults, besides the SecretStore one.
If your environment is already using one of those secret management vaults, you can easily store the secrets (credentials) you use in PS in that same vault.

Have a read of Overview of the SecretManagement and SecretStore modules

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

LisandrodeCuba · ‎05-01-2023

@LucD great suggestion and thanks on the read up..

All

secure storing credentials