How to store passwords as a secure string and use in a script for access to multiple Prism sites | Nutanix Community
Skip to main content
Need details how to store passwords as a secure string and use in a script for access to multiple Prism sites. I have a script to collect storage data from multiple Nutanix sites via Prism. Now I need to remove the plain text passwords.

I have located references but only find "NOTE: for security reasons we should store our passwords as a secure string, by declaring these as variables before starting PowerShell." Can anyone provide the steps required to make this work?
Shuguet,



Thank you for getting all of the steps put together for me!



6373
Hi 6373,



Sorry for the delay, I was travelling.



I've put together a quick GitHub Gist with 3 files you can use to showcase the 3 steps you'd need to achieve your goal: https://gist.github.com/shuguet/6cb4577414357c25dbeb3d018a4b7373



Step 1: the "create_key.ps1" file in there is just used to create the encryption key.

Step 2: the "encrypt_password.ps1" file is used for you to encrypt you password and store that in a file.

Those 2 steps you'll most likely do once, and never again until you have to change the password.



Step 3: In file"get_ntnx_vms_with_crypted_passwd.ps1" is an exemple of using this to connect to a Nutanix Cluster and get the list of VMs names.



You can re-use that with whatever you want to do using the Nutanix Cmdlets.
Thank you Shuget!



The information was very helpful. I was able to generate a secure password, generate an AES key with random data and export to a file, create the SecureString object, and the PSCredential object.



Now I need to know how to use this in a powershell script or did I miss something. Can you point me to a very good example of using the AES Key file in a script accessing a Nutanix Prism site?



w/r,

6373
This is a common problem you'll often face with PowerShell.It's been covered in details in a lot of blog posts, but I guess you can have a look at this 2 parts post that resumes it nicely:http://www.adminarsenal.com/admin-arsenal-blog/secure-password-with-powershell-encrypting-credentials-part-1/http://www.adminarsenal.com/admin-arsenal-blog/secure-password-with-powershell-encrypting-credentials-part-2/