OCram85
d92d963979
* adds certificate store location * add additional certificate store tests * add cert store tests for New-CredentialStoreItem * fix test * add error handling for credential store path * add Import-CSCertificate helper function * Import new certificate if param is given * fix extension filter * add linux error message * fix pester test for linux * update cert helper functions * export helper functions * fix cs cert import * simplify cs cret lookup * remove obsolete functions * fix pester test for linux * fix error type for linux * fix var name * fix pester test * disable travis artifact upload * update cert lookup for item functions * debug build error * use cert instance constructor for linux * disable debug output * remove obsolete exports |
||
|---|---|---|
| .vscode | ||
| assets | ||
| bin | ||
| docs | ||
| resources | ||
| src | ||
| tests | ||
| tools | ||
| .gitattributes | ||
| .gitignore | ||
| .travis.yml | ||
| LICENSE | ||
| README.md | ||
| appveyor.yml | ||
README.md
General
The PSCredentialStore is a simple credential manager for PSCredentials. It stores PSCredentials in a simple json file. You can choose between a private and shared credential store. The private one exists in your profile and can ony accessed by your account on the same machine. The shared store enables you to use different credentials for your scripts without exposing them as plain text.
The shared store isn't 100% secure and I don't recommend using it in production!
PSCredentialStore was developed to simplify the delegation of complex powershell scripts. In this case you often need to store credentials for non interactive usage like in scheduled tasks.
For more details read the about_PSCredentialStore page on github or via CLI with
Get-Help about_PSCredentialStore.
❗ Upcoming Changes ❗
The will be some breaking changes starting with the 0.5.0.xxx:
- PSCredentialStore will use PFX certificates to encrypt your credentials.
- This replaces the the current encryption methods and you need to recreate or upgrade your pre existing stores.
- The changes allows the PSCredentialStore module to support the PowerShell
Coreeditions.- Yes this means, you can use the module on any PowerShell 6 supported linux distribution.
- It's also possible to create a shared credential store and transfer it onto a another platform like:
Windows -- to --> Linuxand vice versa. - Automatically creates self signed certificate with 2048 bits RSA keys for encryption.
Installation
PowerShellGallery.com (Recommended Way)
- Make sure you use PowerShell 5.1 or higher with
$PSVersionTable. - Use the builtin PackageManagement and install with:
Import-Module PowerShellGet; Install-Module 'PSCredentialStore' -Repository 'PSGallery'- Additionally use the
-AllowPrereleaseswitch until we publish the final release!
- Additionally use the
- Done. Start exploring the Module with
Import-Module PSCredentialStore ; Get-Command -Module PSCredentialStore
Manual Way
- Take a look at the Latest Release page.
- Download the
PSCredentialStore.zip. - Unpack the zip file and put it in your Powershell module path.
- Don't forget to change the NTFS permission flag in the context menu.
- Start with
Import-Module PSCredentialStore
Quick Start
1. First we need a blank credential store. You can decide between a private or shared store. The private Credential Store can only be accessed with your profile on the machine you created it.
# Private credential store
New-CredentialStore
# Shared credential rtore
New-CredentialStore -Shared
#Shared credential store in custom Location
New-CredentialStore -Shared -Path 'C:\CredentialStore.json'
2. Now you can manage your credential store items:
# This will prompt for credentials and stores it in a private store
New-CredentialStoreItem -RemoteHost 'dc01.myside.local' -Identifier 'AD'
# You can now use it in other scripts like this:
$DCCreds = Get-CredentialStoreItem -RemoteHost 'dc01.myside.local' -Identifier 'AD'
Invoke-Command -ComputerName 'dc01.myside.local' -Credential $DCCreds -ScripBlock {Get-Process}
The credential store contains also a simple function to establish a connection with several systems or protocols. If you have already installed the underlying framework / modules, you can connect these endpoints:
- CiscoUcs - Establish a connection to a Cisco UCS fabric interconnect.
- Required Modules:
Cisco.UCS.Core,Cisco.UCSManager
- Required Modules:
- FTP - Establish a connection to a FTP host.
- Required Modules:
WinSCP
- Required Modules:
- NetAppFAS - Establish a connection to a NetApp Clustered ONTAP filer.
- Required Modules:
DataONTAP
- Required Modules:
- VMware - Establish a connection to a VMware vCenter or ESXi host.
- Required Modules:
VMware.VimAutomation.Core
- Required Modules:
- CisServer - Establish a connection to the CisServer Service on vCenter Host.
- Required Modules:
VMware.VimAutomation.Cis.Core
- Required Modules:
- ExchangeHTTP - Establish a remote connection with an Exchange endpoint via http.
- Requires PowerShell remoting
- ExchangeHTTPS - Establish a remote connection with an Exchange endpoint via https.
- Requires PowerShell remoting
- SCP - Establish a SCP connection.
- Required Modules:
WinSCP
- Required Modules:
Here are some basic examples:
Connect-To -RemoteHost "ucs.myside.local" -Type CiscoUcs
Connect-To -RemoteHost "ftp.myside.local" -Type FTP
Connect-To -RemoteHost "fas.myside.local" -Type NetAppFAS
Connect-To -RemoteHost "esx01.myside.local" -Type VMware
Connect-To -RemoteHost "vcr.myside.local" -Type CisServer
Credits
A huge thanks to all the people who helped with their projects and indirect contributions which made this possible!
- This module is inspired by the awesome work of @dlwyatt with articles like these:
- The awesome people from LibreSSL which publishes the portable openssl/libressl binaries!