How to Secure Credential to use it during Scripting Powershell or PowerCli. I use two functions
The Export-CliXml cmdlet creates an XML-based representation of an object or objects and stores it in a file. You can then use the Import-Clixml cmdlet to re-create the saved object based on the contents of that file
The Export-CliXml cmdlet encrypts credential objects by using the Windows Data Protection API . This ensures that only your user account can decrypt the contents of the credential object.
The Import-CliXml cmdlet imports a CLIXML file with data that represents Microsoft .NET Framework objects and creates the objects in Windows PowerShell.
A valuable use of Import-CliXml is to import credentials and secure strings that have been exported as secure XML by running the Export-Clixml cmdlet
3. Increase security with AES
During the process I decide to create an AES Key for encrypt password and it’s export with
Export-CliXml. How to create an AES Key with PowerShell.
$Key = New-Object Byte 16 # You can use 16, 24, or 32 for AES [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key) $Key
4. Secure Password AES
This Powershell application generate two Files the first file is the
AES.key and the second
account_Creds.xml contain the credential exported and the password is encrypted by the
In the Object User I combined the username and the Host seperate with
To be sure that no information has been changed since their creation I recover their Hash and it is stored in the system registry in the location
If you want to use the source is on my Github
Written by Jérôme Bezet-Torres @JM2K69.