Solved

How to store passwords as a secure string and use in a script for access to multiple Prism sites

  • 26 July 2016
  • 4 replies
  • 1504 views
6
Badge +2
Need details how to store passwords as a secure string and use in a script for access to multiple Prism sites. I have a script to collect storage data from multiple Nutanix sites via Prism. Now I need to remove the plain text passwords.
I have located references but only find "NOTE: for security reasons we should store our passwords as a secure string, by declaring these as variables before starting PowerShell." Can anyone provide the steps required to make this work?
icon

Best answer by vshuguet 8 August 2016, 21:04

View original
This topic has been closed for comments

4 replies

shuguet
Userlevel 4
Badge +20
This is a common problem you'll often face with PowerShell.It's been covered in details in a lot of blog posts, but I guess you can have a look at this 2 parts post that resumes it nicely:http://www.adminarsenal.com/admin-arsenal-blog/secure-password-with-powershell-encrypting-credentials-part-1/http://www.adminarsenal.com/admin-arsenal-blog/secure-password-with-powershell-encrypting-credentials-part-2/
Sylvain Huguet - 2x Nutanix Technology Champion 2015-2016, French Nutanix Connect Chapter Champion, French VMUG Leader, 6x VMware vExpert 2011 to 2016
6
Badge +2
Thank you Shuget!

The information was very helpful. I was able to generate a secure password, generate an AES key with random data and export to a file, create the SecureString object, and the PSCredential object.

Now I need to know how to use this in a powershell script or did I miss something. Can you point me to a very good example of using the AES Key file in a script accessing a Nutanix Prism site?

w/r,
6373
vshuguet
Rank
Userlevel 1
Badge +4
Hi 6373,

Sorry for the delay, I was travelling.

I've put together a quick GitHub Gist with 3 files you can use to showcase the 3 steps you'd need to achieve your goal: https://gist.github.com/shuguet/6cb4577414357c25dbeb3d018a4b7373

Step 1: the "create_key.ps1" file in there is just used to create the encryption key.
Step 2: the "encrypt_password.ps1" file is used for you to encrypt you password and store that in a file.
Those 2 steps you'll most likely do once, and never again until you have to change the password.

Step 3: In file"get_ntnx_vms_with_crypted_passwd.ps1" is an exemple of using this to connect to a Nutanix Cluster and get the list of VMs names.

You can re-use that with whatever you want to do using the Nutanix Cmdlets.
Product Manager - Karbon Clusters & Kubernetes @ Nutanix
6
Badge +2
Shuguet,

Thank you for getting all of the steps put together for me!

6373
Terms & Conditions