Differences
This shows you the differences between the selected revisions of the page.
| guide_protecting_credentials_for_automation 2023-11-07 | guide_protecting_credentials_for_automation 2024-04-22 (current) | ||
| Line 29: | Line 29: | ||
| </code> | </code> | ||
| ---- | ---- | ||
| - | Another way is to store the password to a separate file and use ''-passwordsfromfiles'': | + | Another way is to store the password to a separate file and use [[scriptcommand_open#passwordsfromfiles|''-passwordsfromfiles'']]: |
| <code winscp> | <code winscp> | ||
| open -password=C:\path\password.txt -passwordsfromfiles sftp://username@example.com/ | open -password=C:\path\password.txt -passwordsfromfiles sftp://username@example.com/ | ||
| Line 38: | Line 38: | ||
| ==== [[powershell]] PowerShell ==== | ==== [[powershell]] PowerShell ==== | ||
| - | TEST | + | In [[library_powershell|PowerShell]] code using [[library|WinSCP .NET library]] you can use ''[[ps>microsoft.powershell.management/get-content|Get-Content]]'' cmdlet to read an XML configuration file. |
| - | HACKER | + | |
| + | For example with following %%XML%% configuration file (''config.xml''): | ||
| + | |||
| + | <code xml> | ||
| + | <Configuration> | ||
| + | <UserName>martin</UserName> | ||
| + | <Password>mypassword</Password> | ||
| + | </Configuration> | ||
| + | </code> | ||
| + | |||
| + | use this PowerShell code to read and use it: | ||
| + | |||
| + | <code powershell> | ||
| + | # Read XML configuration file | ||
| + | [xml]$config = Get-Content ".\config.xml" | ||
| + | |||
| + | # Use read credentials | ||
| + | $sessionOptions = New-Object WinSCP.SessionOptions -Property @{ | ||
| + | Protocol = [WinSCP.Protocol]::Sftp | ||
| + | HostName = "example.com" | ||
| + | UserName = $config.Configuration.UserName | ||
| + | Password = $config.Configuration.Password | ||
| + | } | ||
| + | |||
| + | ... | ||
| + | </code> | ||
| + | |||
| + | You can also leverage Windows Data Protection API to encrypt the password in the %%XML%% file. | ||
| + | |||
| + | If you want to encrypt the password within the configuration file, you can use use ''[[ps>microsoft.powershell.security/convertfrom-securestring|ConvertFrom-SecureString]]'' cmdlet. Put the following code to an ad-hoc script (or an interactive PowerShell console): | ||
| + | |||
| + | <code powershell> | ||
| + | Read-Host -AsSecureString | ConvertFrom-SecureString | ||
| + | </code> | ||
| + | |||
| + | A password encrypted this way can be decrypted by the same Windows account only. | ||
| + | |||
| + | Store the encrypted password to the %%XML%% file instead of the plain-text one: | ||
| + | |||
| + | <code xml> | ||
| + | <Configuration> | ||
| + | <UserName>martin</UserName> | ||
| + | <Password>01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cf6dbc52515...</Password> | ||
| + | </Configuration> | ||
| + | </code> | ||
| + | |||
| + | To decrypt the password, use ''[[ps>microsoft.powershell.security/convertto-securestring|ConvertTo-SecureString]]'' cmdlet and assign the resulting ''[[dotnet>system.security.securestring|SecureString]]'' to [[library_sessionoptions#securepassword|''SessionOptions.SecurePassword'']], instead of using plain text ''SessionOptions.Password'': | ||
| <code powershell> | <code powershell> | ||