Multiple passwords with DSC

This topic contains 3 replies, has 3 voices, and was last updated by  robert johansson 1 year ago.

  • Author
  • #61738

    Chris Liquori


    I am creating a DSC to restore custom Windows Services for our environment. Each service uses a different domain account to start the service. How can I store the account information without having to type in the passwords each time I re-create the mof file? I am using a psd1 for the data of each service except the credential field.

    Thanks for your help in advance.


  • #61963

    Don Jones

    Storing passwords in MOFs is a little complicated, and requires you to have digital certificates (which must have a specific use-case flag in them). The certificate (with private key) must be deployed to the target node, and a copy of the certificate (without the private key) must be on whatever machine you're using to generate MOFs. We cover this in "The DSC Book," and you can also look at

    This would still normally require you to type the passwords when you physically create the MOF. There isn't, at present, a way around that, short of storing your passwords in clear text (which is obviously not a bright idea). You could probably get around in by perhaps storing this information in a secured, encrypted SQL Server database (for example), which you'd query during MOF creation to create PSCredential objects. I've never tried that.

  • #62347

    Chris Liquori

    Hey Don,

    Thanks for the response. A secured database is a good idea, and going to purchase the DSC book for reference on secured MOFs.

    Thanks again.


  • #63636

    robert johansson

    Poor man's credential store:

    PoShKeePass is a PowerShell module that combines the ease of the PowerShell cli and the extensibility of the KeePassLib API to provide a powerful and easy to use management and automating platform for KeePass databases.

You must be logged in to reply to this topic.