Securely save and retrieve credentials w/PowerCLi

Cover

Sooner or later, every administrator comes to the fact that he needs some way to save and retrieve credentials. And it should be fast, efficient, convenient and most importantly securely.

None of the methods known to me did not meet all these requirements at once. I began to search and found my way, which I want to share with you. This is PowerCLi! Are you surprised? Sometimes the simplest solution is on the surface.

VICredentialStore cmdlets

  • The PowerCLi contains three VICredentialStoreItem related cmdlets.
gcm -Noun vicred*
  • These cmdlets very simple to use. The New-VICredentialStoreItem creates a new or updates existing credential store item.
New-VICredentialStoreItem -Host ps1code -User Administrator -Password P@ssw0rd
  • The Get-VICredentialStoreItem can retrieve the items and even show the items’ passwords as clear text!
Get-VICredentialStoreItem –Host ps1code | select Host, User, Password
Get-VICredentialStoreItem | select Host, User, Password

01.Convert-VI2PSCredential

  • You more no need the item(s)? Do remove it/them by Remove-VICredentialStoreItem.
Get-VICredentialStoreItem –Host ps1code | Remove-VICredentialStoreItem
Get-VICredentialStoreItem | Remove-VICredentialStoreItem -Confirm:$false
  • It would seem that everything is fine, but there is one problem. We cannot directly use object, returned by Get-VICredentialStoreItem as value for -Credential parameter Emoj.
Get-VICredentialStoreItem | Get-Member
Add-VMHost -Credential (Get-VICredentialStoreItem -Host ps1code)
Get-Help Add-VMHost -Parameter Credential

02.Convert-VI2PSCredential

  • Here the Convert-VI2PSCredential function from my PowerCLi Vi-Module module will help us.

Convert-VI2PSCredential

  • The Convert-VI2PSCredential converts credentials, returned by Get-VICredentialStoreItem to the well-known [PSCredential] data type.
Get-VICredentialStoreItem -Host ps1code | Convert-VI2PSCredential

03.Convert-VI2PSCredential

  • This will allow us to use PowerCLi credentials with any cmdlet (not only PowerCLi) that supports -Credential parameter!!! There are many such …
Get-Command -ParameterName credential
Get-Command -ParameterName credential -Module azure*
  • Now you can safely save your credentials by New-VICredentialStoreItem, then retrieve them by Get-VICredentialStoreItem, convert it by Convert-VI2PSCredential and pass it to the -Credential parameter.

  • Let’s for example login to the Azure with saved PowerCLi credentials. The -Host value is only pointer for selecting item by Get-VICredentialStoreItem -Host, it will not be part of the credentials!

New-VICredentialStoreItem -Host Azure -User ps1code@onmicrosoft.com -Password $Password
Import-Module AzureRM
Login-AzureRmAccount -Credential (Get-VICredentialStoreItem -Host azure | vi2ps)
  • The vi2ps is the alias for the Convert-VI2PSCredential.
Get-Alias -Definition Convert-VI2PSCredential

Summary

  • For more details about the function, please take a look at the content based help and examples.
Get-Help Convert-VI2PSCredential -Full
Get-Help Convert-VI2PSCredential -Examples

You may also like:

VMware VAMI PowerCLi module
Set-PowerCLiTitle – Connect-VIServer deep dive
Set-SdrsCluster – Configure Storage DRS clusters

3 thoughts on “Securely save and retrieve credentials w/PowerCLi

    1. The object, returned by the function can be used as value for -Credential parameter in any cmdlet (PowerCLi/PowerShell, embedded, 3-d party, etc).
      Where do you plan to use it (what cmdlet and for what parameter) ?

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s