Differences

This shows you the differences between the selected revisions of the page.

guide_protecting_credentials_for_automation 2023-11-07 guide_protecting_credentials_for_automation 2024-04-22 (current)
Line 29: Line 29:
</code> </code>
---- ----
-Another way is to store the password to a separate file and use ''-passwordsfromfiles'':+Another way is to store the password to a separate file and use [[scriptcommand_open#passwordsfromfiles|''-passwordsfromfiles'']]:
<code winscp> <code winscp>
open -password=C:\path\password.txt -passwordsfromfiles sftp://username@example.com/ open -password=C:\path\password.txt -passwordsfromfiles sftp://username@example.com/
Line 38: Line 38:
==== [[powershell]] PowerShell ==== ==== [[powershell]] PowerShell ====
-TEST +In [[library_powershell|PowerShell]] code using [[library|WinSCP .NET library]] you can use ''[[ps>microsoft.powershell.management/get-content|Get-Content]]'' cmdlet to read an XML configuration file. 
-HACKER+ 
 +For example with following %%XML%% configuration file (''config.xml''): 
 + 
 +<code xml> 
 +<Configuration> 
 +  <UserName>martin</UserName> 
 +  <Password>mypassword</Password> 
 +</Configuration> 
 +</code> 
 + 
 +use this PowerShell code to read and use it: 
 + 
 +<code powershell> 
 +# Read XML configuration file 
 +[xml]$config = Get-Content ".\config.xml" 
 + 
 +# Use read credentials 
 +$sessionOptions = New-Object WinSCP.SessionOptions -Property @{ 
 +    Protocol = [WinSCP.Protocol]::Sftp 
 +    HostName = "example.com" 
 +    UserName = $config.Configuration.UserName 
 +    Password = $config.Configuration.Password 
 +
 + 
 +... 
 +</code> 
 + 
 +You can also leverage Windows Data Protection API to encrypt the password in the %%XML%% file. 
 + 
 +If you want to encrypt the password within the configuration file, you can use use ''[[ps>microsoft.powershell.security/convertfrom-securestring|ConvertFrom-SecureString]]'' cmdlet. Put the following code to an ad-hoc script (or an interactive PowerShell console): 
 + 
 +<code powershell> 
 +Read-Host -AsSecureString | ConvertFrom-SecureString 
 +</code> 
 + 
 +A password encrypted this way can be decrypted by the same Windows account only. 
 + 
 +Store the encrypted password to the %%XML%% file instead of the plain-text one: 
 + 
 +<code xml> 
 +<Configuration> 
 +  <UserName>martin</UserName> 
 +  <Password>01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cf6dbc52515...</Password> 
 +</Configuration> 
 +</code> 
 + 
 +To decrypt the password, use ''[[ps>microsoft.powershell.security/convertto-securestring|ConvertTo-SecureString]]'' cmdlet and assign the resulting ''[[dotnet>system.security.securestring|SecureString]]'' to [[library_sessionoptions#securepassword|''SessionOptions.SecurePassword'']], instead of using plain text ''SessionOptions.Password'':
<code powershell> <code powershell>

Last modified: by 147.236.138.233