updates Readme (#69)
continuous-integration/drone/push Build is passing Details

#### 📖 Summary

- fix typos
- Updates several sections

#### 📑 Test Plan

> 💡 Select your test plan for the code changes.

- [x] Tested via Drone.io pipeline
- [ ] Custom test
- [ ] No test plan

##### Details / Justification

<!-- Add your test details or justification for missing tests here. -->

#### 📚 Additional Notes

<!-- A place for additional detail notes. -->

Co-authored-by: OCram85 <marco.blessing@googlemail.com>
Reviewed-on: #69
This commit is contained in:
OCram85 2022-07-28 10:41:46 +02:00
parent a95ba31e40
commit 5bdb383627
1 changed files with 41 additions and 24 deletions

View File

@ -5,7 +5,10 @@
<p align="center"> <p align="center">
<a href="https://gitea.ocram85.com/OCram85/PSCredentialStore/"> <a href="https://gitea.ocram85.com/OCram85/PSCredentialStore/">
<img src="https://gitea.ocram85.com/OCram85/PSCredentialStore/raw/branch/master/assets/social-logo.png" alt="PSCredentialStore" /> <img
src="https://gitea.ocram85.com/OCram85/PSCredentialStore/raw/branch/master/assets/social-logo.png"
alt="PSCredentialStore"
>
</a> </a>
</p> </p>
@ -19,7 +22,10 @@
<p align="center"> <p align="center">
<a href="https://drone.ocram85.com/OCram85/PSCredentialStore"> <a href="https://drone.ocram85.com/OCram85/PSCredentialStore">
<img src="https://drone.ocram85.com/api/badges/OCram85/PSCredentialStore/status.svg" alt="Master Branch Build Status"> <img
src="https://drone.ocram85.com/api/badges/OCram85/PSCredentialStore/status.svg"
alt="Master Branch Build Status"
>
</a> </a>
<!-- CodeCove disabled for self hosting git <!-- CodeCove disabled for self hosting git
<a href="https://codecov.io/gh/OCram85/PSCredentialStore"> <a href="https://codecov.io/gh/OCram85/PSCredentialStore">
@ -27,23 +33,30 @@
</a> </a>
--> -->
<a href="https://www.powershellgallery.com/packages/PSCredentialStore"> <a href="https://www.powershellgallery.com/packages/PSCredentialStore">
<img src="https://img.shields.io/powershellgallery/v/PSCredentialStore.svg?style=plastic" alt="PowershellGallery Published Version"> <img
src="https://img.shields.io/powershellgallery/v/PSCredentialStore.svg?style=plastic"
alt="PowershellGallery Published Version"
>
</a> </a>
<a href="https://www.powershellgallery.com/packages/PSCredentialStore"> <a href="https://www.powershellgallery.com/packages/PSCredentialStore">
<img src="https://img.shields.io/powershellgallery/vpre/PSCredentialStore.svg?label=latest%20preview&style=plastic" /> <img
src="https://img.shields.io/powershellgallery/vpre/PSCredentialStore.svg?label=latest%20preview&style=plastic"
>
</a> </a>
<a href="https://www.powershellgallery.com/packages/PSCredentialStore"> <a href="https://www.powershellgallery.com/packages/PSCredentialStore">
<img src="https://img.shields.io/powershellgallery/dt/PSCredentialStore.svg?style=plastic" /> <img
src="https://img.shields.io/powershellgallery/dt/PSCredentialStore.svg?style=plastic"
>
</a> </a>
</p> </p>
## :key: General ## :key: General
The PSCredentialStore is a simple credential manager for `PSCredential` objects. It stores PSCredentials in a simple json The PSCredentialStore is a simple credential manager for `PSCredential` objects. It stores PSCredentials in a simple
file. You can choose between a private and shared credential store. The private one exists in your profile and can json file. You can choose between a private and shared credential store. The private one exists in your profile and
ony accessed by your account on the same machine. The shared store enables you to use different credentials for your can ony accessed by your account on the same machine. The shared store enables you to use different credentials for
scripts without exposing them as plain text. your scripts without exposing them as plain text.
PSCredentialStore was developed to simplify the delegation of complex powershell scripts. In this case you often PSCredentialStore was developed to simplify the delegation of complex powershell scripts. In this case you often
need to store credentials for non interactive usage like in scheduled tasks. need to store credentials for non interactive usage like in scheduled tasks.
@ -51,10 +64,10 @@ need to store credentials for non interactive usage like in scheduled tasks.
Starting with version `1.0.0` PSCredential uses Pfx certificates fo encryption. You can use Pfx certificate files Starting with version `1.0.0` PSCredential uses Pfx certificates fo encryption. You can use Pfx certificate files
or certificates stored in the certificate store. or certificates stored in the certificate store.
For more details read the [about_PSCredentialStore](/docs/about_PSCredentialStore.md) page on gitea or via CLI with For more details read the [about_PSCredentialStore](docs/about_PSCredentialStore.md) page on Gitea or via CLI with
`Get-Help about_PSCredentialStore`. `Get-Help about_PSCredentialStore`.
You can find the [reference](/docs/PSCredentialStore.md) in the /docs/ path as well. You can find the full [reference](docs/Readme.md) in the */docs/* path as well.
## :vulcan_salute: Requirements ## :vulcan_salute: Requirements
@ -63,24 +76,26 @@ You can find the [reference](/docs/PSCredentialStore.md) in the /docs/ path as w
## :bomb: About Security ## :bomb: About Security
>This section explains some security topics and the the design decisions we made to balance the usage and security needs. > This section explains some security topics and the design decisions we made to balance the usage and security needs.
To be able to delegate `PSCredentials` objects we can't exclusively rely on the `SecureString` cmdlets. You can't To be able to delegate `PSCredentials` objects we can't exclusively rely on the `SecureString` cmdlets. You can't
decrypt and reuse such credentials from a different user account or even machine. This is caused by automatically decrypt and reuse such credentials from a different user account or even machine. This is caused by automatically
generated encryption key which, is used create a `Secure String` based encrypted string. generated encryption key, which is used create a `Secure String` based encrypted string.
In order to delegate a password, while still using the underlying security framework, we have to provide a custom In order to delegate a password, while still using the underlying security framework, we have to provide a custom
encryption key. This leads to the fact, that everyone who has access to the key could encrypt or decrypt your data. encryption key. This leads to the fact, that everyone who has access to the key could encrypt or decrypt your data.
So we decided to use the public and private keys from valid certificates as part of the custom encryption keys to encrypt your data. So we decided to use the public and private keys from valid certificates as part of the custom encryption keys to
encrypt your data.
This means clearly: Everyone who has access to the `CredentialStore` needs also access to the certificate file to work with it. This means clearly: Everyone who has access to the `CredentialStore` needs also access to the certificate file to
work with it.
Keep in mind you need to secure the access with your NTFS file permissions to avoid unwanted usage. Another option is Keep in mind you need to secure the access with your NTFS file permissions to avoid unwanted usage. Another option
to import the certificate into your certification vaults of you operating system. In this case you can grand the is to import the certificate into your certification vaults of you operating system. In this case you can grand the
permission to the certificates itself. permission to the certificates itself.
Here is s brief hierarchy description of the certificate location: *(First match wins)* Here is a brief hierarchy description for the certificate lookup order: *(First match wins)*
| CredentialStore Type | Certificate Location | | CredentialStore Type | Certificate Location |
| -------------------- | ---------------------- | | -------------------- | ---------------------- |
@ -95,9 +110,9 @@ Here is s brief hierarchy description of the certificate location: *(First match
### :artificial_satellite: PowerShellGallery.com (Recommended Way) ### :artificial_satellite: PowerShellGallery.com (Recommended Way)
* Make sure you use PowerShell 5.1 or higher with `$PSVersionTable`. * Make sure you use PowerShell 5.1 or higher with `$PSVersionTable`.
* Use the builtin PackageManagement and install with: `Import-Module PowerShellGet; Install-Module 'PSCredentialStore' -Repository 'PSGallery'` * Use the builtin PackageManagement + PowerShellGet module and install PSCredentialStore with: `Import-Module PowerShellGet; Install-Module 'PSCredentialStore' -Repository 'PSGallery'`
* Additionally use the `-AllowPrerelease` switch until we publish the final release! * Additionally use the `-AllowPrerelease` switch until we publish the final release!
* Done. Start exploring the Module with `Import-Module PSCredentialStore ; Get-Command -Module PSCredentialStore` * Done. Start exploring the Module with `Import-Module PSCredentialStore; Get-Command -Module PSCredentialStore`
### :building_construction: Manual Way ### :building_construction: Manual Way
@ -109,8 +124,9 @@ Here is s brief hierarchy description of the certificate location: *(First match
### :sparkles: Quick Start ### :sparkles: Quick Start
**1.** First we need a blank credential store. You can decide between a *private* or *shared* store. The private **1.** First we need a blank credential store. You can decide between a *private* or *shared* one.
Credential Store can only be accessed with your profile on the machine you created it.
> :bulb: Note: The private credential store can only be accessed with your profile on the machine you created it.
Starting with version `1.0.0` you can decide the storage type of your fresh created certificate. As default Starting with version `1.0.0` you can decide the storage type of your fresh created certificate. As default
PSCredentialStore creates a new pfx certificate file beside the credential store itself. Optionally you can provide PSCredentialStore creates a new pfx certificate file beside the credential store itself. Optionally you can provide
@ -126,11 +142,12 @@ New-CredentialStore -UseCertStore
# Shared credential store # Shared credential store
New-CredentialStore -Shared New-CredentialStore -Shared
#Shared credential store in custom location # Shared credential store in custom location
New-CredentialStore -Shared -Path 'C:\CredentialStore.json' New-CredentialStore -Shared -Path 'C:\CredentialStore.json'
``` ```
**2.** Now you can manage your credential store items: **2.** Now you can manage your credential store items:
```powershell ```powershell
# This will prompt for credentials and stores it in a private store # This will prompt for credentials and stores it in a private store
New-CredentialStoreItem -RemoteHost 'dc01.myside.local' -Identifier 'AD' New-CredentialStoreItem -RemoteHost 'dc01.myside.local' -Identifier 'AD'
@ -141,7 +158,7 @@ Invoke-Command -ComputerName 'dc01.myside.local' -Credential $DCCreds -ScripBloc
``` ```
The credential store contains also a simple function to establish a connection with several systems or protocols. The credential store contains also a simple function to establish a connection with several systems or protocols.
If you have already installed the underlying framework / modules, you can connect these endpoints: If you have already installed the underlying framework / modules, you can connect to these endpoint types:
* **CiscoUcs** - Establish a connection to a Cisco UCS fabric interconnect. * **CiscoUcs** - Establish a connection to a Cisco UCS fabric interconnect.
* Required Modules: [`Cisco.UCS.Core`, `Cisco.UCSManager`](https://software.cisco.com/download/release.html?i=!y&mdfid=286305108&softwareid=284574017&release=2.1.1) * Required Modules: [`Cisco.UCS.Core`, `Cisco.UCSManager`](https://software.cisco.com/download/release.html?i=!y&mdfid=286305108&softwareid=284574017&release=2.1.1)