Compare commits
No commits in common. "master" and "v1.1.0-dev4" have entirely different histories.
master
...
v1.1.0-dev
@ -1,32 +0,0 @@
|
|||||||
# The full repository name
|
|
||||||
repo: OCram85/PSCredentialStore
|
|
||||||
|
|
||||||
# Service type (gitea or github)
|
|
||||||
service: gitea
|
|
||||||
|
|
||||||
# Base URL for Gitea instance if using gitea service type (optional)
|
|
||||||
# Default: https://gitea.com
|
|
||||||
base-url: https://gitea.ocram85.com
|
|
||||||
|
|
||||||
# Changelog groups and which labeled PRs to add to each group
|
|
||||||
groups:
|
|
||||||
- name: ✨ FEATURES
|
|
||||||
labels:
|
|
||||||
- feature
|
|
||||||
- name: 📦 META
|
|
||||||
labels:
|
|
||||||
- meta
|
|
||||||
- name: 🐛 BUGFIXES
|
|
||||||
labels:
|
|
||||||
- bug
|
|
||||||
- name: 🛠️ ENHANCEMENTS
|
|
||||||
labels:
|
|
||||||
- enhancement
|
|
||||||
- name: 📚 DOCS
|
|
||||||
labels:
|
|
||||||
- docs
|
|
||||||
- name: 🔖 MISC
|
|
||||||
default: true
|
|
||||||
|
|
||||||
# regex indicating which labels to skip for the changelog
|
|
||||||
skip-labels: skip-changelog|backport\/.+
|
|
@ -120,7 +120,7 @@ steps:
|
|||||||
Install-Module -Name 'DroneHelper' -Repository 'PSGallery' -ErrorAction 'Stop' -AllowPrerelease -Force;
|
Install-Module -Name 'DroneHelper' -Repository 'PSGallery' -ErrorAction 'Stop' -AllowPrerelease -Force;
|
||||||
Import-Module -Name 'DroneHelper' -ErrorAction 'Stop';
|
Import-Module -Name 'DroneHelper' -ErrorAction 'Stop';
|
||||||
Install-ModuleDependency;
|
Install-ModuleDependency;
|
||||||
New-BuildPackage -Verbose -AdditionalPath @('./src/Vendor', './src/openssl.conf')
|
New-BuildPackage -Verbose
|
||||||
}"
|
}"
|
||||||
|
|
||||||
- name: GiteaRelease
|
- name: GiteaRelease
|
||||||
|
1
.gitattributes
vendored
1
.gitattributes
vendored
@ -21,5 +21,4 @@
|
|||||||
|
|
||||||
# Vendor resources config
|
# Vendor resources config
|
||||||
src/Vendor/libressl255/* filter=lfs diff=lfs merge=lfs -text
|
src/Vendor/libressl255/* filter=lfs diff=lfs merge=lfs -text
|
||||||
src/Vendor/libressl/* filter=lfs diff=lfs merge=lfs -text
|
|
||||||
*.pfx filter=lfs diff=lfs merge=lfs -text
|
*.pfx filter=lfs diff=lfs merge=lfs -text
|
||||||
|
41
CHANGELOG.md
41
CHANGELOG.md
@ -1,41 +0,0 @@
|
|||||||
# Changelog
|
|
||||||
|
|
||||||
<!-- insertMark -->
|
|
||||||
## [v1.1.1](https://gitea.ocram85.com/OCram85/PSCredentialStore/releases/tag/v1.1.1) - 2022-10-10
|
|
||||||
|
|
||||||
* 📦 META
|
|
||||||
* Adds changelog config for gitea changelog cli tool (#77)
|
|
||||||
* 🐛 BUGFIXES
|
|
||||||
* Fix Set-CredentialStoreItem (#76)
|
|
||||||
* Fix optional module dependencies (#75)
|
|
||||||
|
|
||||||
### Contributors
|
|
||||||
|
|
||||||
|
|
||||||
* [@OCram85](https://gitea.ocram85.com/OCram85)
|
|
||||||
* [@pinguinfuss](https://gitea.ocram85.com/pinguinfuss)
|
|
||||||
|
|
||||||
## `v1.1.0`
|
|
||||||
|
|
||||||
- (3d4f53d) adds pinguinfuss contributed fix (#73)
|
|
||||||
- (6fce8d6) Updates libressl files (#71)
|
|
||||||
- (ddb85d9) addChangelog (#70)
|
|
||||||
- (5bdb383) updates Readme (#69)
|
|
||||||
- (a95ba31) remove optional depenency helper (#68)
|
|
||||||
- (1e7dd78) adds CiscoUCSCentral connection type (#67)
|
|
||||||
- (b76668c) fix Test-CredentialStoreItem return (#66)
|
|
||||||
- (ae62ccc) switch to GNU AGPLv3 license (#64)
|
|
||||||
- (a66e824) adds community contribution for CiscoUCS connection fix (#63)
|
|
||||||
- (3d90d91) fix lint (PSScriptAnalyzer) issues (#62)
|
|
||||||
- (d0b7e53) adds DroneHelper (#61)
|
|
||||||
- (d4b00a5) Migrates to Pester5+ tests (#59)
|
|
||||||
- (e340466) update references (#60)
|
|
||||||
- (88743e9) fix pester verbosity config (#58)
|
|
||||||
- (c31ee79) Update issue templates (#57)
|
|
||||||
- (c45490a) Update issue templates (#56)
|
|
||||||
- (4abfec5) adds PR template (#55)
|
|
||||||
- (7708df9) Update pwsh style to latest community standards (#52)
|
|
||||||
|
|
||||||
## `v1.0.542`
|
|
||||||
|
|
||||||
- 🧙 pre migrated Gitea version
|
|
65
README.md
65
README.md
@ -5,10 +5,7 @@
|
|||||||
|
|
||||||
<p align="center">
|
<p align="center">
|
||||||
<a href="https://gitea.ocram85.com/OCram85/PSCredentialStore/">
|
<a href="https://gitea.ocram85.com/OCram85/PSCredentialStore/">
|
||||||
<img
|
<img src="https://gitea.ocram85.com/OCram85/PSCredentialStore/raw/branch/master/assets/social-logo.png" alt="PSCredentialStore" />
|
||||||
src="https://gitea.ocram85.com/OCram85/PSCredentialStore/raw/branch/master/assets/social-logo.png"
|
|
||||||
alt="PSCredentialStore"
|
|
||||||
>
|
|
||||||
</a>
|
</a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
@ -22,10 +19,7 @@
|
|||||||
|
|
||||||
<p align="center">
|
<p align="center">
|
||||||
<a href="https://drone.ocram85.com/OCram85/PSCredentialStore">
|
<a href="https://drone.ocram85.com/OCram85/PSCredentialStore">
|
||||||
<img
|
<img src="https://drone.ocram85.com/api/badges/OCram85/PSCredentialStore/status.svg" alt="Master Branch Build Status">
|
||||||
src="https://drone.ocram85.com/api/badges/OCram85/PSCredentialStore/status.svg"
|
|
||||||
alt="Master Branch Build Status"
|
|
||||||
>
|
|
||||||
</a>
|
</a>
|
||||||
<!-- CodeCove disabled for self hosting git
|
<!-- CodeCove disabled for self hosting git
|
||||||
<a href="https://codecov.io/gh/OCram85/PSCredentialStore">
|
<a href="https://codecov.io/gh/OCram85/PSCredentialStore">
|
||||||
@ -33,30 +27,23 @@
|
|||||||
</a>
|
</a>
|
||||||
-->
|
-->
|
||||||
<a href="https://www.powershellgallery.com/packages/PSCredentialStore">
|
<a href="https://www.powershellgallery.com/packages/PSCredentialStore">
|
||||||
<img
|
<img src="https://img.shields.io/powershellgallery/v/PSCredentialStore.svg?style=plastic" alt="PowershellGallery Published Version">
|
||||||
src="https://img.shields.io/powershellgallery/v/PSCredentialStore.svg?style=plastic"
|
|
||||||
alt="PowershellGallery Published Version"
|
|
||||||
>
|
|
||||||
</a>
|
</a>
|
||||||
<a href="https://www.powershellgallery.com/packages/PSCredentialStore">
|
<a href="https://www.powershellgallery.com/packages/PSCredentialStore">
|
||||||
<img
|
<img src="https://img.shields.io/powershellgallery/vpre/PSCredentialStore.svg?label=latest%20preview&style=plastic" />
|
||||||
src="https://img.shields.io/powershellgallery/vpre/PSCredentialStore.svg?label=latest%20preview&style=plastic"
|
|
||||||
>
|
|
||||||
</a>
|
</a>
|
||||||
<a href="https://www.powershellgallery.com/packages/PSCredentialStore">
|
<a href="https://www.powershellgallery.com/packages/PSCredentialStore">
|
||||||
<img
|
<img src="https://img.shields.io/powershellgallery/dt/PSCredentialStore.svg?style=plastic" />
|
||||||
src="https://img.shields.io/powershellgallery/dt/PSCredentialStore.svg?style=plastic"
|
|
||||||
>
|
|
||||||
</a>
|
</a>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
## :key: General
|
## :key: General
|
||||||
|
|
||||||
The PSCredentialStore is a simple credential manager for `PSCredential` objects. It stores PSCredentials in a simple
|
The PSCredentialStore is a simple credential manager for `PSCredential` objects. It stores PSCredentials in a simple json
|
||||||
json file. You can choose between a private and shared credential store. The private one exists in your profile and
|
file. You can choose between a private and shared credential store. The private one exists in your profile and can
|
||||||
can ony accessed by your account on the same machine. The shared store enables you to use different credentials for
|
ony accessed by your account on the same machine. The shared store enables you to use different credentials for your
|
||||||
your scripts without exposing them as plain text.
|
scripts without exposing them as plain text.
|
||||||
|
|
||||||
PSCredentialStore was developed to simplify the delegation of complex powershell scripts. In this case you often
|
PSCredentialStore was developed to simplify the delegation of complex powershell scripts. In this case you often
|
||||||
need to store credentials for non interactive usage like in scheduled tasks.
|
need to store credentials for non interactive usage like in scheduled tasks.
|
||||||
@ -64,10 +51,10 @@ need to store credentials for non interactive usage like in scheduled tasks.
|
|||||||
Starting with version `1.0.0` PSCredential uses Pfx certificates fo encryption. You can use Pfx certificate files
|
Starting with version `1.0.0` PSCredential uses Pfx certificates fo encryption. You can use Pfx certificate files
|
||||||
or certificates stored in the certificate store.
|
or certificates stored in the certificate store.
|
||||||
|
|
||||||
For more details read the [about_PSCredentialStore](docs/about_PSCredentialStore.md) page on Gitea or via CLI with
|
For more details read the [about_PSCredentialStore](/docs/about_PSCredentialStore.md) page on gitea or via CLI with
|
||||||
`Get-Help about_PSCredentialStore`.
|
`Get-Help about_PSCredentialStore`.
|
||||||
|
|
||||||
You can find the full [reference](docs/Readme.md) in the */docs/* path as well.
|
You can find the [reference](/docs/PSCredentialStore.md) in the /docs/ path as well.
|
||||||
|
|
||||||
## :vulcan_salute: Requirements
|
## :vulcan_salute: Requirements
|
||||||
|
|
||||||
@ -76,26 +63,24 @@ You can find the full [reference](docs/Readme.md) in the */docs/* path as well.
|
|||||||
|
|
||||||
## :bomb: About Security
|
## :bomb: About Security
|
||||||
|
|
||||||
> This section explains some security topics and the design decisions we made to balance the usage and security needs.
|
>This section explains some security topics and the the design decisions we made to balance the usage and security needs.
|
||||||
|
|
||||||
To be able to delegate `PSCredentials` objects we can't exclusively rely on the `SecureString` cmdlets. You can't
|
To be able to delegate `PSCredentials` objects we can't exclusively rely on the `SecureString` cmdlets. You can't
|
||||||
decrypt and reuse such credentials from a different user account or even machine. This is caused by automatically
|
decrypt and reuse such credentials from a different user account or even machine. This is caused by automatically
|
||||||
generated encryption key, which is used create a `Secure String` based encrypted string.
|
generated encryption key which, is used create a `Secure String` based encrypted string.
|
||||||
|
|
||||||
In order to delegate a password, while still using the underlying security framework, we have to provide a custom
|
In order to delegate a password, while still using the underlying security framework, we have to provide a custom
|
||||||
encryption key. This leads to the fact, that everyone who has access to the key could encrypt or decrypt your data.
|
encryption key. This leads to the fact, that everyone who has access to the key could encrypt or decrypt your data.
|
||||||
|
|
||||||
So we decided to use the public and private keys from valid certificates as part of the custom encryption keys to
|
So we decided to use the public and private keys from valid certificates as part of the custom encryption keys to encrypt your data.
|
||||||
encrypt your data.
|
|
||||||
|
|
||||||
This means clearly: Everyone who has access to the `CredentialStore` needs also access to the certificate file to
|
This means clearly: Everyone who has access to the `CredentialStore` needs also access to the certificate file to work with it.
|
||||||
work with it.
|
|
||||||
|
|
||||||
Keep in mind you need to secure the access with your NTFS file permissions to avoid unwanted usage. Another option
|
Keep in mind you need to secure the access with your NTFS file permissions to avoid unwanted usage. Another option is
|
||||||
is to import the certificate into your certification vaults of you operating system. In this case you can grand the
|
to import the certificate into your certification vaults of you operating system. In this case you can grand the
|
||||||
permission to the certificates itself.
|
permission to the certificates itself.
|
||||||
|
|
||||||
Here is a brief hierarchy description for the certificate lookup order: *(First match wins)*
|
Here is s brief hierarchy description of the certificate location: *(First match wins)*
|
||||||
|
|
||||||
| CredentialStore Type | Certificate Location |
|
| CredentialStore Type | Certificate Location |
|
||||||
| -------------------- | ---------------------- |
|
| -------------------- | ---------------------- |
|
||||||
@ -110,9 +95,9 @@ Here is a brief hierarchy description for the certificate lookup order: *(First
|
|||||||
### :artificial_satellite: PowerShellGallery.com (Recommended Way)
|
### :artificial_satellite: PowerShellGallery.com (Recommended Way)
|
||||||
|
|
||||||
* Make sure you use PowerShell 5.1 or higher with `$PSVersionTable`.
|
* Make sure you use PowerShell 5.1 or higher with `$PSVersionTable`.
|
||||||
* Use the builtin PackageManagement + PowerShellGet module and install PSCredentialStore with: `Import-Module PowerShellGet; Install-Module 'PSCredentialStore' -Repository 'PSGallery'`
|
* Use the builtin PackageManagement and install with: `Import-Module PowerShellGet; Install-Module 'PSCredentialStore' -Repository 'PSGallery'`
|
||||||
* Additionally use the `-AllowPrerelease` switch until we publish the final release!
|
* Additionally use the `-AllowPrerelease` switch until we publish the final release!
|
||||||
* Done. Start exploring the Module with `Import-Module PSCredentialStore; Get-Command -Module PSCredentialStore`
|
* Done. Start exploring the Module with `Import-Module PSCredentialStore ; Get-Command -Module PSCredentialStore`
|
||||||
|
|
||||||
### :building_construction: Manual Way
|
### :building_construction: Manual Way
|
||||||
|
|
||||||
@ -124,9 +109,8 @@ Here is a brief hierarchy description for the certificate lookup order: *(First
|
|||||||
|
|
||||||
### :sparkles: Quick Start
|
### :sparkles: Quick Start
|
||||||
|
|
||||||
**1.** First we need a blank credential store. You can decide between a *private* or *shared* one.
|
**1.** First we need a blank credential store. You can decide between a *private* or *shared* store. The private
|
||||||
|
Credential Store can only be accessed with your profile on the machine you created it.
|
||||||
> :bulb: Note: The private credential store can only be accessed with your profile on the machine you created it.
|
|
||||||
|
|
||||||
Starting with version `1.0.0` you can decide the storage type of your fresh created certificate. As default
|
Starting with version `1.0.0` you can decide the storage type of your fresh created certificate. As default
|
||||||
PSCredentialStore creates a new pfx certificate file beside the credential store itself. Optionally you can provide
|
PSCredentialStore creates a new pfx certificate file beside the credential store itself. Optionally you can provide
|
||||||
@ -142,12 +126,11 @@ New-CredentialStore -UseCertStore
|
|||||||
# Shared credential store
|
# Shared credential store
|
||||||
New-CredentialStore -Shared
|
New-CredentialStore -Shared
|
||||||
|
|
||||||
# Shared credential store in custom location
|
#Shared credential store in custom location
|
||||||
New-CredentialStore -Shared -Path 'C:\CredentialStore.json'
|
New-CredentialStore -Shared -Path 'C:\CredentialStore.json'
|
||||||
```
|
```
|
||||||
|
|
||||||
**2.** Now you can manage your credential store items:
|
**2.** Now you can manage your credential store items:
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
# This will prompt for credentials and stores it in a private store
|
# This will prompt for credentials and stores it in a private store
|
||||||
New-CredentialStoreItem -RemoteHost 'dc01.myside.local' -Identifier 'AD'
|
New-CredentialStoreItem -RemoteHost 'dc01.myside.local' -Identifier 'AD'
|
||||||
@ -158,7 +141,7 @@ Invoke-Command -ComputerName 'dc01.myside.local' -Credential $DCCreds -ScripBloc
|
|||||||
```
|
```
|
||||||
|
|
||||||
The credential store contains also a simple function to establish a connection with several systems or protocols.
|
The credential store contains also a simple function to establish a connection with several systems or protocols.
|
||||||
If you have already installed the underlying framework / modules, you can connect to these endpoint types:
|
If you have already installed the underlying framework / modules, you can connect these endpoints:
|
||||||
|
|
||||||
* **CiscoUcs** - Establish a connection to a Cisco UCS fabric interconnect.
|
* **CiscoUcs** - Establish a connection to a Cisco UCS fabric interconnect.
|
||||||
* Required Modules: [`Cisco.UCS.Core`, `Cisco.UCSManager`](https://software.cisco.com/download/release.html?i=!y&mdfid=286305108&softwareid=284574017&release=2.1.1)
|
* Required Modules: [`Cisco.UCS.Core`, `Cisco.UCSManager`](https://software.cisco.com/download/release.html?i=!y&mdfid=286305108&softwareid=284574017&release=2.1.1)
|
||||||
|
@ -66,7 +66,7 @@ function New-CSCertificate {
|
|||||||
($PSVersionTable.PSEdition -eq 'Desktop' -and $PSVersionTable.PSVersion.Major -lt 6) -or
|
($PSVersionTable.PSEdition -eq 'Desktop' -and $PSVersionTable.PSVersion.Major -lt 6) -or
|
||||||
($IsWindows -eq $true)
|
($IsWindows -eq $true)
|
||||||
) {
|
) {
|
||||||
$openssl = Join-Path -Path $ModuleBase -ChildPath '/Vendor/libressl/openssl.exe'
|
$openssl = Join-Path -Path $ModuleBase -ChildPath '/Vendor/libressl255/openssl.exe'
|
||||||
}
|
}
|
||||||
|
|
||||||
$Env:OPENSSL_CONF = Join-Path $ModuleBase -ChildPath '/openssl.conf'
|
$Env:OPENSSL_CONF = Join-Path $ModuleBase -ChildPath '/openssl.conf'
|
||||||
|
@ -102,7 +102,7 @@ Describe "New-CredentialStoreItem" {
|
|||||||
It "Missing CredentialStore should throw" {
|
It "Missing CredentialStore should throw" {
|
||||||
{
|
{
|
||||||
New-CredentialStoreItem -Shared -Path '/tmp/missingStore.json' -RemoteHost 'notrelevant'
|
New-CredentialStoreItem -Shared -Path '/tmp/missingStore.json' -RemoteHost 'notrelevant'
|
||||||
} | Should -Throw "The given credential store (/tmp/missingStore.json) does not exist!"
|
} | Should -Throw "Could not add anything into the given CredentialStore."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Context "Testing pipeline paramter" {
|
Context "Testing pipeline paramter" {
|
||||||
|
@ -32,7 +32,7 @@ function New-CredentialStoreItem {
|
|||||||
[None]
|
[None]
|
||||||
|
|
||||||
.EXAMPLE
|
.EXAMPLE
|
||||||
New-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost esx01.myside.local'
|
New-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
|
||||||
#>
|
#>
|
||||||
|
|
||||||
[CmdletBinding(DefaultParameterSetName = 'Private')]
|
[CmdletBinding(DefaultParameterSetName = 'Private')]
|
||||||
@ -68,7 +68,7 @@ function New-CredentialStoreItem {
|
|||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Set the CredentialStore for private, shared or custom mode.
|
# Set the CredentialStore for private, shared or custom mode.
|
||||||
Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
|
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||||
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
||||||
$Path = Get-DefaultCredentialStorePath
|
$Path = Get-DefaultCredentialStorePath
|
||||||
}
|
}
|
||||||
@ -84,9 +84,9 @@ function New-CredentialStoreItem {
|
|||||||
if (-not(Test-CredentialStore -Shared -Path $Path)) {
|
if (-not(Test-CredentialStore -Shared -Path $Path)) {
|
||||||
$MessageParams = @{
|
$MessageParams = @{
|
||||||
Exception = [System.IO.FileNotFoundException]::new(
|
Exception = [System.IO.FileNotFoundException]::new(
|
||||||
'The given credential store ({0}) does not exist!' -f $Path
|
'Could not add anything into the given CredentialStore.'
|
||||||
)
|
)
|
||||||
ErrorAction = 'Stop'
|
ErrorAction = "Stop"
|
||||||
}
|
}
|
||||||
Write-Error @MessageParams
|
Write-Error @MessageParams
|
||||||
}
|
}
|
||||||
@ -95,8 +95,8 @@ function New-CredentialStoreItem {
|
|||||||
|
|
||||||
$CurrentDate = Get-Date -Format 'u'
|
$CurrentDate = Get-Date -Format 'u'
|
||||||
|
|
||||||
if ($Identifier -ne '') {
|
if ($Identifier -ne "") {
|
||||||
$CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
|
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$CredentialName = $RemoteHost
|
$CredentialName = $RemoteHost
|
||||||
|
@ -1,130 +0,0 @@
|
|||||||
[Diagnostics.CodeAnalysis.SuppressMessageAttribute(
|
|
||||||
'PSAvoidUsingConvertToSecureStringWithPlainText',
|
|
||||||
'',
|
|
||||||
Justification = 'just used in pester tests.'
|
|
||||||
)]
|
|
||||||
[Diagnostics.CodeAnalysis.SuppressMessageAttribute(
|
|
||||||
'PSProvideCommentHelp',
|
|
||||||
'',
|
|
||||||
Justification = 'no need in internal pester helpers.'
|
|
||||||
)]
|
|
||||||
param ()
|
|
||||||
|
|
||||||
BeforeAll {
|
|
||||||
$ManifestFile = (Get-Item -Path './src/*.psd1').FullName
|
|
||||||
Import-Module $ManifestFile -Force
|
|
||||||
|
|
||||||
$PrivateFunctions = (Get-ChildItem -Path './src/Private/*.ps1' | Where-Object {
|
|
||||||
$_.BaseName -notmatch '.Tests'
|
|
||||||
}
|
|
||||||
).FullName
|
|
||||||
foreach ( $func in $PrivateFunctions) {
|
|
||||||
. $func
|
|
||||||
}
|
|
||||||
|
|
||||||
# Backup existing credential stores
|
|
||||||
$VerbosePreference = 'Continue'
|
|
||||||
Write-Verbose -Message 'Backup private Credential Store...'
|
|
||||||
$CSPath = Get-DefaultCredentialStorePath
|
|
||||||
$BackupFile = '{0}.back' -f $CSPath
|
|
||||||
if (Test-Path -Path $CSPath) {
|
|
||||||
Move-Item -Path $CSPath -Destination $BackupFile
|
|
||||||
}
|
|
||||||
Write-Verbose -Message 'Backup shared CredentialStore...'
|
|
||||||
$CSShared = Get-DefaultCredentialStorePath -Shared
|
|
||||||
$BackupSharedFile = '{0}.back' -f $CSShared
|
|
||||||
if (Test-Path -Path $CSShared) {
|
|
||||||
Move-Item -Path $CSShared -Destination $BackupSharedFile
|
|
||||||
}
|
|
||||||
Write-Verbose -Message 'Remove old CredentialStore in Temp dir'
|
|
||||||
$CSTemp = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json'
|
|
||||||
if (Test-Path -Path $CSTemp) {
|
|
||||||
Remove-Item -Path $CSTemp
|
|
||||||
}
|
|
||||||
$VerbosePreference = 'SilentlyContinue'
|
|
||||||
}
|
|
||||||
|
|
||||||
Describe 'New-CredentialStoreItem' {
|
|
||||||
Context 'Private Credential Store tests' {
|
|
||||||
It 'Add entry to a private store.' {
|
|
||||||
# Create a fresh CredentialStore first
|
|
||||||
New-CredentialStore -Force
|
|
||||||
|
|
||||||
# Define the content of the CredentialStoreItem.
|
|
||||||
$RemoteHost = 'barfoo'
|
|
||||||
$UserName = 'MyUser'
|
|
||||||
$Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force
|
|
||||||
|
|
||||||
# Form the CredentialObject.
|
|
||||||
$creds = [PSCredential]::new($UserName, $Password)
|
|
||||||
|
|
||||||
# Create the CredentialStoreItem.
|
|
||||||
New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds
|
|
||||||
|
|
||||||
# Formulate an update to the CredentialStoreItem.
|
|
||||||
$ClearPassword = 'fooobaryadfafa'
|
|
||||||
$Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force
|
|
||||||
$creds = [PSCredential]::new($UserName, $Password)
|
|
||||||
{
|
|
||||||
Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds
|
|
||||||
} | Should -Not -Throw
|
|
||||||
|
|
||||||
# Control the content of the CredentialStore.
|
|
||||||
$content = Get-CredentialStoreItem -RemoteHost $RemoteHost
|
|
||||||
$content.GetNetworkCredential().Password | Should -Be $ClearPassword
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Context 'Shared Credential Store tests' {
|
|
||||||
It 'Add entry to a shared store.' {
|
|
||||||
# Create a fresh CredentialStore first
|
|
||||||
$tmpCS = Join-Path -Path (Get-TempDir) -ChildPath '/CredentialStore.json'
|
|
||||||
New-CredentialStore -Path $tmpCS -Force -Shared
|
|
||||||
|
|
||||||
# Define the content of the CredentialStoreItem.
|
|
||||||
$RemoteHost = 'barfoo'
|
|
||||||
$UserName = 'MyUser'
|
|
||||||
$Password = 'fooobarysdfsfs' | ConvertTo-SecureString -AsPlainText -Force
|
|
||||||
|
|
||||||
# Form the CredentialObject.
|
|
||||||
$creds = [PSCredential]::new($UserName, $Password)
|
|
||||||
|
|
||||||
# Create the CredentialStoreItem.
|
|
||||||
New-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared
|
|
||||||
|
|
||||||
# Formulate an update to the CredentialStoreItem.
|
|
||||||
$ClearPassword = 'fooobaryadfafa'
|
|
||||||
$Password = $ClearPassword | ConvertTo-SecureString -AsPlainText -Force
|
|
||||||
$creds = [PSCredential]::new($UserName, $Password)
|
|
||||||
|
|
||||||
{
|
|
||||||
Set-CredentialStoreItem -RemoteHost $RemoteHost -Credential $creds -Path $tmpCS -Shared
|
|
||||||
} | Should -Not -Throw
|
|
||||||
|
|
||||||
# Control the content of the CredentialStore.
|
|
||||||
$content = Get-CredentialStoreItem -RemoteHost $RemoteHost -Path $tmpCS -Shared
|
|
||||||
$content.GetNetworkCredential().Password | Should -Be $ClearPassword
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
AfterAll {
|
|
||||||
# Cleanup test stores and restore existing ones.
|
|
||||||
$VerbosePreference = 'Continue'
|
|
||||||
Write-Verbose -Message 'Restoring private CredentialStore'
|
|
||||||
If (Test-Path -Path $BackupFile) {
|
|
||||||
If (Test-Path -Path $CSPath) {
|
|
||||||
Remove-Item -Path $CSPath
|
|
||||||
Move-Item -Path $BackupFile -Destination $CSPath
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Write-Verbose -Message 'Restoring shared CredentialStore'
|
|
||||||
If (Test-Path -Path $BackupSharedFile) {
|
|
||||||
If (Test-Path -Path $CSShared) {
|
|
||||||
Remove-Item -Path $CSShared
|
|
||||||
Move-Item -Path $BackupSharedFile -Destination $CSShared
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$VerbosePreference = 'SilentlyContinue'
|
|
||||||
|
|
||||||
}
|
|
@ -13,7 +13,7 @@ function Set-CredentialStoreItem {
|
|||||||
Specify the host you for which you would like to change the credentials.
|
Specify the host you for which you would like to change the credentials.
|
||||||
|
|
||||||
.PARAMETER Identifier
|
.PARAMETER Identifier
|
||||||
Defaults to ''. Specify a string, which separates two CredentialStoreItems for the
|
Defaults to "". Specify a string, which separates two CredentialStoreItems for the
|
||||||
same hostname.
|
same hostname.
|
||||||
|
|
||||||
.PARAMETER Shared
|
.PARAMETER Shared
|
||||||
@ -30,10 +30,10 @@ function Set-CredentialStoreItem {
|
|||||||
[None]
|
[None]
|
||||||
|
|
||||||
.EXAMPLE
|
.EXAMPLE
|
||||||
Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local'
|
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
|
||||||
|
|
||||||
.EXAMPLE
|
.EXAMPLE
|
||||||
Set-CredentialStoreItem -Path 'C:\TMP\mystore.json' -RemoteHost 'esx01.myside.local' -Identifier svc
|
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
|
||||||
#>
|
#>
|
||||||
|
|
||||||
[CmdletBinding(DefaultParameterSetName = 'Private')]
|
[CmdletBinding(DefaultParameterSetName = 'Private')]
|
||||||
@ -65,7 +65,7 @@ function Set-CredentialStoreItem {
|
|||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Set the CredentialStore for private, shared or custom mode.
|
# Set the CredentialStore for private, shared or custom mode.
|
||||||
Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
|
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||||
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
||||||
$Path = Get-DefaultCredentialStorePath
|
$Path = Get-DefaultCredentialStorePath
|
||||||
}
|
}
|
||||||
@ -77,52 +77,32 @@ function Set-CredentialStoreItem {
|
|||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
# Define the default splatting.
|
# Lets do a quick test on the given CredentialStore.
|
||||||
$DefaultSplatting = @{
|
if (-not(Test-CredentialStore -Shared -Path $Path)) {
|
||||||
Path = $Path
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check if the user passed -Shared. If he added -Shared, we'll pass it into the splatting
|
|
||||||
if ($PSBoundParameters.ContainsKey('Shared')) {
|
|
||||||
$DefaultSplatting.Add('Shared', $true)
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$DefaultSplatting.Add('Shared', $false)
|
|
||||||
}
|
|
||||||
|
|
||||||
# Now lets check the given CredentialStore.
|
|
||||||
if (-not(Test-CredentialStore @DefaultSplatting)) {
|
|
||||||
$MessageParams = @{
|
$MessageParams = @{
|
||||||
Message = ('The given CredentialStore ({0}) does no exist.' -f $Path)
|
Message = 'Could not add anything into the given CredentailStore.'
|
||||||
ErrorAction = 'Stop'
|
ErrorAction = 'Stop'
|
||||||
}
|
}
|
||||||
Write-Error @MessageParams
|
Write-Error @MessageParams
|
||||||
}
|
}
|
||||||
|
|
||||||
# Read the file content based on the given ParameterSetName
|
# Read the file content based on the given ParameterSetName
|
||||||
$CSContent = Get-CredentialStore @DefaultSplatting
|
$CSContent = Get-CredentialStore -Shared -Path $Path
|
||||||
|
|
||||||
# Get a formatted current date for the last update time of the Item.
|
|
||||||
$CurrentDate = Get-Date -Format 'u'
|
$CurrentDate = Get-Date -Format 'u'
|
||||||
|
|
||||||
# Check if the user supplied an identifier. If so, we need to mangle the CredentialName, as that's where
|
if ($Identifier -ne "") {
|
||||||
# the identifier is actually added.
|
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||||
if ($Identifier -ne '') {
|
|
||||||
$CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$CredentialName = $RemoteHost
|
$CredentialName = $RemoteHost
|
||||||
}
|
}
|
||||||
|
|
||||||
# If the user didn't supply a CredentialObject, we need to prompt for it.
|
|
||||||
if (-not($Credential)) {
|
if (-not($Credential)) {
|
||||||
$Credential = Get-Credential -Message $CredentialName
|
$Credential = Get-Credential -Message $CredentialName
|
||||||
}
|
}
|
||||||
|
|
||||||
# If the username isn't empty, we ca go ahead and update the entry.
|
if ($Credential.UserName) {
|
||||||
if ($null -ne $Credential.UserName -and -not [string]::IsNullOrWhiteSpace($Credential.UserName)) {
|
|
||||||
# Check if the path to the PfxCertificate is stored in the CredentialStore. If so load the certificate.
|
|
||||||
# If not, load try loading the certificate from the Filepath of the CredentialStore.
|
|
||||||
if ($null -eq $CSContent.PfxCertificate) {
|
if ($null -eq $CSContent.PfxCertificate) {
|
||||||
$Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint
|
$Cert = Get-CSCertificate -Type $CSContent.Type -Thumbprint $CSContent.Thumbprint
|
||||||
}
|
}
|
||||||
@ -130,17 +110,13 @@ function Set-CredentialStoreItem {
|
|||||||
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
|
$Cert = Get-PfxCertificate -FilePath $CSContent.PfxCertificate -ErrorAction Stop
|
||||||
}
|
}
|
||||||
|
|
||||||
# Now locate the Item.
|
|
||||||
if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) {
|
if (Get-Member -InputObject $CSContent -Name $CredentialName -MemberType Properties) {
|
||||||
# Get a random AES key for the entry.
|
|
||||||
$RSAKey = Get-RandomAESKey
|
$RSAKey = Get-RandomAESKey
|
||||||
$CSContent.$CredentialName.User = $Credential.UserName
|
$CSContent.$CredentialName.User = $Credential.UserName
|
||||||
$ConvertParams = @{
|
$ConvertParams = @{
|
||||||
SecureString = $Credential.Password
|
SecureString = $Credential.Password
|
||||||
Key = $RSAKey
|
Key = $RSAKey
|
||||||
}
|
}
|
||||||
|
|
||||||
# Now create a updated item containing the updated credentials.
|
|
||||||
$CSContent.$CredentialName.Password = ConvertFrom-SecureString @ConvertParams
|
$CSContent.$CredentialName.Password = ConvertFrom-SecureString @ConvertParams
|
||||||
$CSContent.$CredentialName.LastChange = $CurrentDate
|
$CSContent.$CredentialName.LastChange = $CurrentDate
|
||||||
$CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String(
|
$CSContent.$CredentialName.EncryptedKey = [Convert]::ToBase64String(
|
||||||
@ -149,15 +125,10 @@ function Set-CredentialStoreItem {
|
|||||||
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
|
[System.Security.Cryptography.RSAEncryptionPadding]::Pkcs1
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
# Convert the CredentialStore back into JSON and save it to the file.
|
|
||||||
ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8
|
ConvertTo-Json -InputObject $CSContent -Depth 5 | Out-File -FilePath $Path -Encoding utf8
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
Write-Warning -Message ('Unable to locate CredentialStoreItem for {0}' -f $CredentialName)
|
|
||||||
}
|
}
|
||||||
}
|
Else {
|
||||||
else {
|
|
||||||
$MessageParams = @{
|
$MessageParams = @{
|
||||||
Message = 'Please Provide at least a valid user!'
|
Message = 'Please Provide at least a valid user!'
|
||||||
ErrorAction = 'Stop'
|
ErrorAction = 'Stop'
|
||||||
|
@ -33,11 +33,11 @@ function Test-CredentialStoreItem {
|
|||||||
[None]
|
[None]
|
||||||
|
|
||||||
.EXAMPLE
|
.EXAMPLE
|
||||||
if (Test-CredentialStoreItem -RemoteHost 'Default') {
|
if (Test-CredentialStoreItem -RemoteHost "Default") {
|
||||||
Get-CredentialStoreItem -RemoteHost 'Default'
|
Get-CredentialStoreItem -RemoteHost "Default"
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Write-Warning ('The given Remote Host {0} does not exist in the credential Store!' -f $RemoteHost)
|
Write-Warning ("The given Remote Host {0} does not exist in the credential Store!" -f $RemoteHost)
|
||||||
}
|
}
|
||||||
#>
|
#>
|
||||||
|
|
||||||
@ -45,7 +45,7 @@ function Test-CredentialStoreItem {
|
|||||||
[OutputType([bool])]
|
[OutputType([bool])]
|
||||||
param (
|
param (
|
||||||
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
|
[Parameter(Mandatory = $false, ParameterSetName = 'Shared')]
|
||||||
[string]$Path = '{0}\PSCredentialStore\CredentialStore.json' -f $env:ProgramData,
|
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
|
||||||
|
|
||||||
[Parameter(Mandatory = $true)]
|
[Parameter(Mandatory = $true)]
|
||||||
[ValidateNotNullOrEmpty()]
|
[ValidateNotNullOrEmpty()]
|
||||||
@ -61,7 +61,7 @@ function Test-CredentialStoreItem {
|
|||||||
|
|
||||||
begin {
|
begin {
|
||||||
# Set the CredentialStore for private, shared or custom mode.
|
# Set the CredentialStore for private, shared or custom mode.
|
||||||
Write-Debug ('ParameterSetName: {0}' -f $PSCmdlet.ParameterSetName)
|
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
|
||||||
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
if ($PSCmdlet.ParameterSetName -eq 'Private') {
|
||||||
$Path = Get-DefaultCredentialStorePath
|
$Path = Get-DefaultCredentialStorePath
|
||||||
}
|
}
|
||||||
@ -73,8 +73,8 @@ function Test-CredentialStoreItem {
|
|||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
if ($Identifier -ne '') {
|
if ($Identifier -ne "") {
|
||||||
$CredentialName = $RemoteHost = '{0}/{1}' -f $Identifier, $RemoteHost
|
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$CredentialName = $RemoteHost
|
$CredentialName = $RemoteHost
|
||||||
@ -92,7 +92,7 @@ function Test-CredentialStoreItem {
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$MsgParams = @{
|
$MsgParams = @{
|
||||||
Message = 'The given credential store ({0}) does not exist!' -f $Path
|
Message = "The given credential store ({0}) does not exist!" -f $Path
|
||||||
}
|
}
|
||||||
Write-Warning @MsgParams
|
Write-Warning @MsgParams
|
||||||
return $false
|
return $false
|
||||||
|
@ -146,27 +146,27 @@
|
|||||||
ExternalModuleDependencies = @(
|
ExternalModuleDependencies = @(
|
||||||
@{
|
@{
|
||||||
ModuleName = 'VMware.VimAutomation.Core'
|
ModuleName = 'VMware.VimAutomation.Core'
|
||||||
ModuleVersion = '12.7.0.20091293'
|
ModuleVersion = '6.5.2.6234650'
|
||||||
},
|
},
|
||||||
@{
|
@{
|
||||||
ModuleName = 'VMware.VimAutomation.Cis.Core'
|
ModuleName = 'VMware.VimAutomation.Cis.Core'
|
||||||
ModuleVersion = '12.6.0.19601368'
|
ModuleVersion = '6.5.4.6983166'
|
||||||
},
|
},
|
||||||
@{
|
@{
|
||||||
ModuleName = 'Cisco.UCS.Common'
|
ModuleName = 'Cisco.UCS.Core'
|
||||||
ModuleVersion = '3.0.1.2'
|
ModuleVersion = '2.3.1.5'
|
||||||
},
|
},
|
||||||
@{
|
@{
|
||||||
ModuleName = 'Cisco.UCSManager'
|
ModuleName = 'Cisco.UCSManager'
|
||||||
ModuleVersion = '3.0.1.2'
|
ModuleVersion = '2.5.2.2'
|
||||||
},
|
},
|
||||||
@{
|
@{
|
||||||
ModuleName = 'WinSCP'
|
ModuleName = 'WinSCP'
|
||||||
ModuleVersion = '5.17.8.1'
|
ModuleVersion = '5.17.8.1'
|
||||||
},
|
},
|
||||||
@{
|
@{
|
||||||
ModuleName = 'NetApp.ONTAP'
|
ModuleName = 'DataONTAP'
|
||||||
ModuleVersion = '9.10.1.2111'
|
ModuleVersion = '9.7.1.1'
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
BIN
src/Vendor/libressl/openssl.exe
(Stored with Git LFS)
vendored
BIN
src/Vendor/libressl/openssl.exe
(Stored with Git LFS)
vendored
Binary file not shown.
BIN
src/Vendor/libressl255/libcrypto-41.dll
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libcrypto-41.dll
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libcrypto-41.exp
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libcrypto-41.exp
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libcrypto-41.lib
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libcrypto-41.lib
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libcrypto-41.pdb
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libcrypto-41.pdb
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libssl-43.dll
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libssl-43.dll
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libssl-43.exp
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libssl-43.exp
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libssl-43.lib
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libssl-43.lib
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libssl-43.pdb
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libssl-43.pdb
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libtls-15.dll
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libtls-15.dll
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libtls-15.exp
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libtls-15.exp
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libtls-15.lib
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libtls-15.lib
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/libtls-15.pdb
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/libtls-15.pdb
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/ocspcheck.exe
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/ocspcheck.exe
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
BIN
src/Vendor/libressl255/openssl.exe
(Stored with Git LFS)
vendored
Normal file
BIN
src/Vendor/libressl255/openssl.exe
(Stored with Git LFS)
vendored
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user