Articles

PowerShell articles, tutorials, and guides from community experts.

Eric Brookman (scriptingcaveman)
PowerShell for Admins

Keeping Your Secrets Secure

Azure Key Vault: Keeping your Secrets Secure
I was tasked with creating a PowerShell script that would connect to an SFTP server and place a file. I immediately jumped at the opportunity and started thinking about what all I would need to accomplish this task. I knew I needed the script to be as secure as possible, but also knew I needed the username, password, and a key file so I could connect securely to the SFTP site. This brought up a number of security concerns. How could I be fully automated and not put that sensitive information in plain text in my script? Immediately I went to PowerShell.org and started searching for ideas. I found there were a couple of really good ideas for securing this kind of data using built-in encryption (Protect-CmsMessage) and an extension that Dave Wyatt created, ProtectedData (https://github.com/dlwyatt/ProtectedData). I spent numerous hours scraping through documentation from both sources. At the end of my quest through the wonderful world of encryption, I ended up with the same problem. The decryption key and the data were still on the server and I had no way of monitoring its use. I started looking at third-party key vaults. They would allow me to secure my data, log when it was accessed, and provide me the data easily when called through a REST API. The only thing was I was on a budget and a very short timeline, so I couldn’t write the PowerShell connector to the API. What a bust!
Alas! I found a Key Vault that not only had a REST API but had native PowerShell cmdlets. Thanks, Microsoft! I started asking, what can I put in the vault and call from my script? I quickly discovered everything!
I created a key vault and started populating the data I wanted to secure. I chose to use Secrets to hold my username, password, SFTP server IP address, and private key. I connected to my Azure RM account using my username / password. Using the built-in cmdlets, I would be able to pull the data I wanted. Obviously, I would need the server address:
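The workflow the excerpt describes (create a vault, store the SFTP host, username, password and private key as Secrets, then read them back from the unattended script) as an added example written for this listing; it is not Eric Brookman's code, and it uses the current Az module (Az.Accounts, Az.KeyVault, Az.Resources) rather than the AzureRM cmdlets of the original article. The vault and resource group names, the location, the file paths, the `$scriptIdentityObjectId` value and the Posh-SSH cmdlets at the end are all assumptions.

```powershell
# Added example (not from the original article): storing SFTP connection details in
# Azure Key Vault and reading them back at run time with the Az module.
# Vault/resource-group names, location, paths and the Posh-SSH upload are assumed.
#Requires -Modules Az.Accounts, Az.KeyVault, Az.Resources

$VaultName     = 'kv-sftp-demo'    # assumed; Key Vault names must be globally unique
$ResourceGroup = 'rg-sftp-demo'    # assumed
$Location      = 'eastus'          # assumed

# --- One-time setup, run interactively by an administrator ---------------------
Connect-AzAccount
New-AzResourceGroup -Name $ResourceGroup -Location $Location -Force | Out-Null

# Azure RBAC instead of legacy access policies, so the automation identity can be
# limited to *reading* secrets while the administrator keeps write access.
$vault = New-AzKeyVault -Name $VaultName -ResourceGroupName $ResourceGroup `
    -Location $Location -EnableRbacAuthorization

# With RBAC enabled, even the creator needs a data-plane role before writing secrets.
# Role assignments can take a minute to propagate before Set-AzKeyVaultSecret succeeds.
$adminId = (Get-AzADUser -SignedIn).Id
New-AzRoleAssignment -ObjectId $adminId -RoleDefinitionName 'Key Vault Secrets Officer' `
    -Scope $vault.ResourceId | Out-Null

# Populate the secrets. The private key is stored as the complete PEM text.
$secrets = @{
    'sftp-host'     = 'sftp.example.com'                         # assumed value
    'sftp-username' = 'svc-transfer'                             # assumed value
    'sftp-password' = Read-Host -Prompt 'SFTP password'          # never hard-coded
    'sftp-key'      = Get-Content -Path 'C:\keys\sftp_rsa' -Raw  # assumed path
}
foreach ($name in $secrets.Keys) {
    $secure = ConvertTo-SecureString -String $secrets[$name] -AsPlainText -Force
    Set-AzKeyVaultSecret -VaultName $VaultName -Name $name -SecretValue $secure | Out-Null
}

# Least privilege for the script: read-only on secrets, nothing else on the vault.
# $scriptIdentityObjectId is the object ID of the VM's managed identity (assumed).
New-AzRoleAssignment -ObjectId $scriptIdentityObjectId `
    -RoleDefinitionName 'Key Vault Secrets User' -Scope $vault.ResourceId | Out-Null

# --- Run time, inside the unattended script ------------------------------------
# Managed identity: no Azure username/password has to live on the server at all.
Connect-AzAccount -Identity | Out-Null

$sftpHost = Get-AzKeyVaultSecret -VaultName $VaultName -Name 'sftp-host' -AsPlainText
$sftpUser = Get-AzKeyVaultSecret -VaultName $VaultName -Name 'sftp-username' -AsPlainText
# Keep the password as a SecureString; PSCredential accepts it directly.
$sftpPassword = (Get-AzKeyVaultSecret -VaultName $VaultName -Name 'sftp-password').SecretValue
$credential   = [pscredential]::new($sftpUser, $sftpPassword)

# Most SFTP clients want the key on disk: write it to a temp file that only the
# current user can read, and remove it in a finally block whatever happens.
$keyPath = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())
try {
    Get-AzKeyVaultSecret -VaultName $VaultName -Name 'sftp-key' -AsPlainText |
        Set-Content -Path $keyPath -NoNewline

    $acl = Get-Acl -Path $keyPath
    $acl.SetAccessRuleProtection($true, $false)   # drop inherited ACEs
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $acl.SetAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
        $me, 'FullControl', 'Allow'))
    Set-Acl -Path $keyPath -AclObject $acl

    # Upload with Posh-SSH (assumed client module; the article does not name one).
    $session = New-SFTPSession -ComputerName $sftpHost -Credential $credential -KeyFile $keyPath
    Set-SFTPItem -SessionId $session.SessionId -Path 'C:\outbound\report.csv' -Destination '/upload'
    Remove-SFTPSession -SessionId $session.SessionId | Out-Null
}
finally {
    if (Test-Path -Path $keyPath) { Remove-Item -Path $keyPath -Force }
}
```

Two points worth checking in practice. The `-AsPlainText` switch on Get-AzKeyVaultSecret exists in Az.KeyVault 2.0 and later; the AzureRM-era Get-AzureKeyVaultSecret exposed the value through the `SecretValueText` property instead. And the access logging that motivated the move to a vault is not on by default: enable the `AuditEvent` diagnostic log category on the vault (for example via a diagnostic setting that sends to a Log Analytics workspace) so every secret read by the script identity is recorded.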

Don Jones
PowerShell for Admins

“The DSC Book” now Open Source!

“The DSC Book” is now open source! It remains available at Leanpub, but the source is now at https://github.com/dsccommunity/TheDSCBook. Everyone is invited to contribute corrections and expansions, and the results will be published roughly monthly on Leanpub. In addition, the book is now $0 on Leanpub, although you may choose to pay whatever you like, with all proceeds going to The DevOps Collective’s scholarship programs.