When we write lengthy PowerShell scripts to automate our work, most of the time we need a login ID and password to authenticate against some system such as MS Teams, SharePoint Online, etc.
In scheduled PowerShell scripts we cannot use Get-Credential, because we do not want manual intervention to type in credentials; we need to store the login ID and password used to access the services.
This is part 1 of the blog, where we will see how to manage passwords for scheduled PowerShell scripts that connect to MS Teams, SharePoint or any other API.
In part 2 of the blog we will manage passwords for local machine activities where we need PowerShell to run as admin on different machines.
We will create a utility to encrypt the password and store the encrypted password in a text file.
Next we will use the encrypted password file to create a PSCredential object, which we can use against any service or system.
Use the following code to encrypt the password and save it as a text file.
$adminUPN="diwakar.jadhav@work4delight.com"
$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
$userCredential.Password | ConvertFrom-SecureString | Set-Content password.txt
The first line has one variable; set it to the UPN of the user for whom you want to generate the encrypted password file.
In the second line, the Get-Credential command opens a popup to enter the user ID and password; in Azure shell or in PowerShell on a Macintosh, the user needs to type the password directly at the command prompt. The following is the screenshot from a Mac machine.
In the last line we use piping to convert the password from a secure string into an encrypted string and then store it in the password.txt file.
This is what our password file looks like.
You can also check it in PowerShell.
Put this script text in Notepad, save it with the extension .ps1 and use it to generate the encrypted password file. Remember to change the $adminUPN variable as required.
In the following script I am using our previously created encrypted password file to connect to SharePoint Online.
$adminUPN="diwakar.jadhav@work4delight.com"
$password = cat password.txt | ConvertTo-SecureString
$userCredential2 = New-Object System.Management.Automation.PSCredential -ArgumentList $adminUPN, $password
The first line has one variable; set it to the UPN of the user you want to use for authentication.
The second line converts the contents of the password file for that user UPN back to a secure string and stores it in $password.
Note: here my password.txt file is in my default root folder; when you move it to another machine or directory, specify the full path, like E:/PasswordFiles/password.txt
The third statement combines the ID and password into a PSCredential object.
You can use this object to connect to the corresponding service. For example, the script below shows how to connect to SharePoint Online using the client-side object model in a PowerShell script; notice how we use the PSCredential object.
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($webURL)
$Context.Credentials = $userCredential2
$web = $Context.Web
$Context.Load($web)
$Context.ExecuteQuery()
Write-Host $web.Title
Similarly, you can use the PSCredential object with the SharePoint PnP cmdlets.
Connect-PnPOnline -Url $DestinationSiteUrlUploadCSV -Credentials $userCredential2
Note: you need to perform this whole activity on the same machine. If you generate the password file on machine A and try to use it on machine B, it will not work, because the default encryption also takes the machine and user ID into account. Please follow part 2 of the blog if you are facing this scenario.
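The two scripts above can be wrapped into helpers that also lock down the password file and fail with a clear message when the file was generated under a different user or machine. This is an added example, not code from the original post: the function names Save-StoredCredential and Get-StoredCredential are hypothetical, and Windows with an NTFS volume is assumed.

```powershell
# Added example. Function names are hypothetical; Windows with NTFS is assumed.
function Save-StoredCredential {
    param([Parameter(Mandatory)][string]$UserName,
          [Parameter(Mandatory)][string]$Path)
    $credential = Get-Credential -UserName $UserName -Message "Type the password."
    # No -Key is given, so the output is protected with Windows DPAPI and can
    # only be decrypted by this user account on this machine.
    $credential.Password | ConvertFrom-SecureString | Set-Content -Path $Path

    # Drop inherited permissions and grant the current account explicit access.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-StoredCredential {
    param([Parameter(Mandatory)][string]$UserName,
          [Parameter(Mandatory)][string]$Path)
    # Scheduled tasks often start in a different working directory, so insist
    # on a full path instead of a bare "password.txt".
    if (-not [System.IO.Path]::IsPathRooted($Path)) {
        throw "Use a full path for the password file, got: $Path"
    }
    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        throw "Password file not found: $Path"
    }
    try {
        $password = Get-Content -Path $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        # Typical cause: the file was generated by another user or on another machine.
        throw ("Cannot decrypt {0} as {1} on {2}: {3}" -f $Path,
            [Environment]::UserName, [Environment]::MachineName, $_.Exception.Message)
    }
    New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $password
}

# Run once, interactively, as the account that the scheduled task runs under:
#   Save-StoredCredential -UserName $adminUPN -Path 'E:\PasswordFiles\password.txt'
# Then in the scheduled script:
#   $userCredential2 = Get-StoredCredential -UserName $adminUPN -Path 'E:\PasswordFiles\password.txt'
```

Generate the file while logged in as the same account the scheduled task uses; a file created under your own login will not decrypt when the task runs as a service account.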
Post relevance date : October 2020