本文介绍了如何在PowerShell中安全地处理和存储密码,包括使用PSCredential对象、Read-Host、Get-Credential命令以及SecureString转换。通过示例展示了如何创建、加密和解密密码,以提高安全性。
介绍 (Introduction)
Do you have processes or scripts that require you to provide a password? Against the desires of your security officer, do you have to save those passwords in plain text, in your scripts? PowerShell offers a way that you can store a password or prompt the user for the information. You can then utilize that information to build what is known as a PSCredential. The majority of commands for PowerShell that support remote connections to servers (WMI, CIM, Invoke-Command, etc.), offer the ability to pass in a credential. While some only need the password, some need the full object to authenticate a user. This object in PowerShell can be made a few different ways based on your needs. I will go over a few options that are commonly used, but first lets discuss what makes up a PSCredential.
是否有要求您提供密码的流程或脚本? 违反安全人员的要求,您是否必须将这些密码以纯文本格式保存在脚本中? PowerShell提供了一种存储密码或提示用户输入信息的方法。 然后,您可以利用该信息来构建所谓的PSCredential。 PowerShell的大多数命令都支持到服务器的远程连接(WMI,CIM,Invoke-Command等),提供了传递凭据的功能。 虽然有些只需要密码,但有些则需要完整的对象来认证用户。 可以根据需要以几种不同的方式将PowerShell中的此对象制成。 我将介绍一些常用的选项,但首先让我们讨论组成PSCredential的内容。
PSC凭证 (PSCredential)
The full type is “System.Management.Automation.PSCredential” object. Commands that utilize a “-Credential” parameter will generally require this type to be passed in. You have a few different ways to go about it based on your needs. Each method generally lines up to two different scenarios: interactive or automated. The PSCredential object requires two arguments:
完整类型为“ System.Management.Automation.PSCredential”对象。 使用“ -Credential”参数的命令通常需要传递此类型。根据您的需要,您可以通过几种不同的方式进行处理。 每种方法通常最多可列出两种不同的方案:交互式或自动化。 PSCredential对象需要两个参数:
- UserName (System.String) 用户名(System.String)
- Password (System.Security.SecureString) 密码(System.Security.SecureString)
The username is pretty obvious, but that password is not just a string value. You cannot just take a string and declare it as a SecureString. In order to even build a SecureString means you have to provide a password. Based on how you do this it can pose a security risk in most environments, because you either pass in (or store) your password in plain text. When you are working with passwords in PowerShell it is best to obfuscate your password to protect against those folks with wandering eyes. PowerShell offers a few different options to hide the password. I will go over these below and provide a few examples.
用户名很明显,但是该密码不仅仅是一个字符串值。 您不能只接受字符串并将其声明为SecureString。 为了构建SecureString,还必须提供密码。 根据您的操作方式,它可能会在大多
最低0.47元/天 解锁文章
扫一扫
319
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
