Handling Sensitive Data With Powershell

Adam Bertram shows off the data protection API in Powershell:

We need to automatically read this information without our intervention. This is where you sometimes see people get lazy and add passwords in plain text into the script. That’s a big no-no, and there’s a better way.

 PowerShell has native support for something called the data protection API (DPAPI). DPAPI is a built-in way Windows users can use certificates to encrypt and decrypt information on the fly which is perfect for PowerShell scripting. No username and password required. We simply need a certificate installed which can be self-signed.

This is about much more than storing and decoding passwords, so check it out.

Related Posts

Watch Those Powershell Shell Versions

Emin Atac reviews a couple of 64- versus 32-bit Powershell oddities: Context My colleagues send an message with a link that points to a script located on a shared drive to help our users reinstall their software. Our users just click on the link in their Outlook and got a message saying: \\servername.fqdn\share\softwarename\install.ps1 cannot be […]

Read More

Simplified Disaster Recovery With dbatools

Chrissy LeMaire shows how you can make DR a lot easier with dbatools: When we talk about Disaster Recovery or DR, it’s often coupled with the term High Availability or HA. Here are some definitions from my graduate course on HADR. high availability Deals with minor outages, and failover solutions are automated The goal is to restore full […]

Read More

Categories

August 2017
MTWTFSS
« Jul Sep »
 123456
78910111213
14151617181920
21222324252627
28293031