pre-encrypt credentials

This topic contains 2 replies, has 3 voices, and was last updated by Arie H 6 months, 1 week ago.

  • #40867
    Tim Ker
    Participant

    I am trying to pass in pre-encrypted credentials, instead of DSC encrypting the actual username and password.


    xWebAppPool someApool
    {
        identityType = 'SpecificUser'
        Credential   = $Node.SomeEncryptedCredentail
    }

    I have a cert with private key on the webserver. I would like to encrypt the password there and then put the encrypted cred or password in source control.

    The public key credential is on the local authoring machine. DSC can encrypt the MOF locally, no problem. DSC on the webserver can decrypt, no problem. But this requires me to have the password on the local authoring server. If possible, I only want to have the web encrypted password on the local server.

    This would stop me having to store the web app pool credentials anywhere but the web server.

    i.e. how to create MSFT_Credential without knowing the raw password on the authoring server

    instance of MSFT_Credential as $MSFT_Credential2ref
    {
        Password = "-----BEGIN CMS-----blah blah blah==\n-----END CMS-----";
        UserName = "someUser";
    };

  • #40898
    Dave Wyatt
    Moderator

    That's an interesting idea. I don't think there's a way to do it yet, but maybe you could write a script that allows the author to just use some bogus password, then modifies the MOF file afterward with the proper encrypted value.

    In the future, maybe Microsoft could modify the DSC module so that it looks for passwords that match the CMS format, and just pass them through as-is.
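
The workaround suggested in the reply above (compile with a bogus password, then swap the proper encrypted value into the MOF) could look like the following PowerShell. This is an added example, not code from the thread or from the DSC module; Set-MofCmsPassword, the file names and the certificate subject are hypothetical. It assumes the MOF was compiled with certificate encryption enabled and that the LCM accepts a Protect-CmsMessage blob encrypted to the same certificate.

```powershell
# Added example. Set-MofCmsPassword is a hypothetical helper, not part of DSC.
# Web server (constructed names), produces the blob kept in source control:
#   Protect-CmsMessage -To 'CN=DscEncryption' -Content $plain -OutFile .\apppool.cms
function Set-MofCmsPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $MofPath,
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [string] $CmsPath   # Protect-CmsMessage output file
    )

    # Accept only an armored CMS message, so plaintext can never be written by mistake.
    $cms = (Get-Content -LiteralPath $CmsPath -Raw).Trim()
    if ($cms -notmatch '\A-----BEGIN CMS-----\r?\n[A-Za-z0-9+/=\r\n]+-----END CMS-----\z') {
        throw "'$CmsPath' is not a CMS message; refusing to patch the MOF."
    }
    # MOF string literal: each real newline becomes the two characters \n.
    $literal = $cms -replace '\r?\n', '\n'

    $path = (Resolve-Path -LiteralPath $MofPath).ProviderPath
    $reader = [System.IO.StreamReader]::new($path, $true)
    try { $mof = $reader.ReadToEnd(); $encoding = $reader.CurrentEncoding }
    finally { $reader.Dispose() }

    # User names are MOF-escaped in the file (DOMAIN\user is stored as DOMAIN\\user).
    $mofUser = $UserName.Replace('\', '\\').Replace('"', '\"')
    $userRx  = 'UserName\s*=\s*"' + [regex]::Escape($mofUser) + '"\s*;'
    $passRx  = [regex] 'Password\s*=\s*"(?:[^"\\]|\\.)*"\s*;'
    $blockRx = '(?s)instance of MSFT_Credential as \$\w+\s*\{.*?\};'

    $hits = @([regex]::Matches($mof, $blockRx) |
        Where-Object { $_.Value -match $userRx -and $passRx.IsMatch($_.Value) })
    if ($hits.Count -eq 0) { throw "No MSFT_Credential instance for '$UserName' in $path." }

    # Patch from the end of the file backwards so earlier match offsets stay valid.
    foreach ($hit in ($hits | Sort-Object Index -Descending)) {
        $block = $passRx.Replace($hit.Value, "Password = `"$literal`";", 1)
        $mof = $mof.Remove($hit.Index, $hit.Length).Insert($hit.Index, $block)
    }
    [System.IO.File]::WriteAllText($path, $mof, $encoding)
    "Patched $($hits.Count) credential instance(s) for '$UserName'."
}
# Authoring machine, after compiling with a throwaway password:
#   Set-MofCmsPassword -MofPath .\web01.mof -UserName 'someUser' -CmsPath .\apppool.cms
```

If the patched MOF is published to a pull server, regenerate its checksum afterwards (New-DscChecksum), since the file content has changed.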

  • #41114
    Arie H
    Participant
