pre-encrypt credentials

This topic contains 2 replies, has 3 voices, and was last updated by  Arie H 2 years, 1 month ago.

  • Author
  • #40867

    Tim Ker

    I am trying to pass in pre-encrpted credentails, instead of DSC encrypting actual username and password

    xWebAppPool someApool
    Credential = $Node.SomeEncryptedCredentail

    I have a cert with private key on the webserver, I would like to encrypt the password there and them put the encrypted cred or password in source control.

    The public key credential is on the local authoring machine. DSC can encrypt locally mof no problem. Dsc on the webserver can decrypt no problem. But this requires me to have the password on the local authoring server, If possible I only want have the Web enrypted password on the local server.

    This would stop me having to store the web apppool credentials anywhere but the web server

    i.e how to create MSFT_Credential without knowing the raw password on the authoring server

    instance of MSFT_Credential as $MSFT_Credential2ref
    Password = "-----BEGIN CMS-----blah blah blah==\n-----END CMS-----";
    UserName = "someUser";

  • #40898

    Dave Wyatt

    That's an interesting idea. I don't think there's a way to do it yet, but maybe you could write a script that allows the author to just use some bogus password, then modifies the MOF file afterward with the proper encrypted value.

    In the future, maybe Microsoft could modify the DSC module so that it looks for passwords that match the CMS format, and just pass them through as-is.

  • #41114

    Arie H

You must be logged in to reply to this topic.