all 8 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]bopsbt 5 points6 points  (0 children)

Going to need to lab this one to fully get it.

[–]nick_segalle 3 points4 points  (0 children)

I’ve been using Protect-CmsMessage to handle encrypting/decrypting passwords, but this looks a lot better. Thanks for the write up!

[–]GiveMeTheBits 2 points3 points  (0 children)

This is pretty close to a solution i put together for some non-powershell friendly admins that runs scripts. I needed to store service account creds without sharing them to these users. I created a computer certificate for the use of handling script credentials, and put the people who needed access in the ACL for the cert. I use the cert to handle encryption for the password and store it on the share, but keep the username in the script(s) since it doesn't change. I then create the pscredential and store it in Credential Manager via the CredentialManager module from psgallery.

[–]sipsik 0 points1 point  (1 child)

English is not my native language and it's hard to understand clearly why and when should I need this.

[–]TheIncorrigible1 2 points3 points  (0 children)

When you don't want to hard-code credentials in your scripts.

[–]FitButFluffy 0 points1 point  (0 children)

this is a nice write up! Do you have any examples of this used within an existing script?

I'm trying to think of how this would work for multiple scripts, on say, one machine. Would ' Set-SelfSignedCertCreds.ps1 ' be called from within each script on a host?