Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

You have removed the [xml] declaration from this line:
[xml]$config = Get-Content ".\config.xml"

That's what breaks the script.

And yes, you can of course set any property using this method. Those are just plain string values, there's no magic.
Guest

Hi Martin,
Apologies, I’m following this article:
Protecting credentials used for automation
I’m using PowerShell and the ConvertFrom-SecureString method to encrypt the password in the XML file.
Here’s the contents of my configuration file:
<Configuration>
<UserName>myuser</UserName>
<Password>encrypted-password</Password>
</Configuration>

Here are the contents of my PowerShell script:
# Import the WinSCP assembly
Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll" # Modify the path as per your WinSCP installation location
 
$config = Get-Content "C:\Temp\config.xml"
 
# Configure WinSCP session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
   Protocol = [WinSCP.Protocol]::Sftp
   HostName = "sftp.myserver.com"
   UserName = $config.Configuration.UserName
   SecurePassword = ConvertTo-SecureString $config.Configuration.Password
   SshHostKeyFingerprint = "MySSHHostKeyFingerprint"
}
 
# Initialize a WinSCP session
$session = New-Object WinSCP.Session
 
# Open the WinSCP session with the specified session options
$session.Open($sessionOptions)

When running this I get the following output:

ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null.
At C:\sftp.ps1:12 char:45
+ ... ecurePassword = ConvertTo-SecureString $config.Configuration.Password
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

Exception calling "Open" with "1" argument(s): "SessionOptions.Password is set, but SessionOptions.UserName is not."
At C:\sftp.ps1:21 char:1
+ $session.Open($sessionOptions)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentException

The password isn’t being picked up from the config.xml file
The UserName isn’t being picked up from the config.xml file

When I use the plain text password method I get the following:

Exception calling "Open" with "1" argument(s): "SessionOptions.Password is set, but SessionOptions.UserName is not."
At C:\sftp.ps1:21 char:1
+ $session.Open($sessionOptions)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentException

In this instance just the following issue:
The UserName isn’t being picked up from the config.xml file

So to sumarise, I require some assistance to understand why:
The UserName isn’t being set
The SecurePassword method isn’t working.
Additionally, just a minor query, is it possible to store other parameters such as HostName and SshHostkeyFingerprint in the config.xml file?
martin

Re: martin

@asad: What "this"? If you need our help, we need more information than just an error message.
asad

martin

@martin Are you sure this works because I get the error below:
Exception calling "Open" with "1" argument(s): "SessionOptions.Password is set, but SessionOptions.UserName is not."
At C:\Temp\KKremoteConfig.ps1:17 char:1
+ $session.Open($sessionOptions)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentException

Also, is it possible to encrypt the hostname and SSH fingerprint?
martin

Re: Protecting credentials used for automation

I have updated the article for more clarity.

For a more specific example of use of the Read-Host ..., see also the C# section of the article.
BR365

Protecting credentials used for automation

Hello,
I've already read the information about the Protecting of credentials. But I still don't know exactly how to put all this together.

At the moment, I have a batch file and a config file. The Batch is defining some standard path informations and the config file manages the SFTP transfer.

I also understand how to encrypt the password and created an XML file as shown in the example with the encrypted password.

But how can I now use this part:
# Read XML configuration file
[xml]$config = Get-Content ".\config.xml"
 
# Use read credentials
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol = [WinSCP.Protocol]::Sftp
    HostName = "example.com"
    UserName = $config.Configuration.UserName
    Password = $config.Configuration.Password
}

and
Read-Host -AsSecureString | ConvertFrom-SecureString

and
$sessionOptions.SecurePassword = ConvertTo-SecureString $config.Configuration.Password

Can someone provide me a complete example, not only these fragments?

Thanks,
Moritz