VMware Cloud Community
esxi1979
Expert

New-VICredentialStoreItem related question

hello

New-VICredentialStoreItem -Host vCenterServer01 -User JColeman -Password ((get-credential).GetNetworkCredential().password)

This is a nice way to store the info without typing the passwd.

issue

1. I am on a Windows 10 laptop in domain X.

2. vCenter is in AD domain Y.

3. I need to use my username & passwd of domain Y from the laptop connected to domain X. How can I use this cmd in such a case?

Note: my laptop is not joined to domain Y.

thx

LucD
Leadership

The encryption is dependent on the user account and the computer through which you create the VICredentialStoreItem.

So either another account or another computer will not work!

The method I'm using is to use certificate based encryption of the password.

Mike did a good post on this concept, see Encrypt a Password with PowerShell for use by a Different User and/or on a Different Computer

A post describing a similar concept can be found in PowerShell: Encrypt and Decrypt Data by using Certificates (Public Key / Private Key)


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

LucD
Leadership

Say, but wait a minute.

Are you always using account domain_y\user to connect to the vCenter?

And that always from your laptop?

In that case, you can use New-VICredentialStoreItem.

You can specify an account from another domain than the one in which your laptop is joined.

Even another account than the one with which you are currently authenticated.

New-VICredentialStoreItem -Host vcenter.domain_y -User domain_y\user -Password Whatever1!

The only catch is that you can only use that entry in the VICredentialStore when logged on with the same account and on the same computer from where you created the VICredentialStoreItem.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

esxi1979
Expert

LucD

Thanks for the response. Actually I am trying to avoid typing my passwd in PowerCLI on my local laptop; the reason is I am paranoid. Well, in reality I am not sure if this gets logged some day, as many 3rd party software products are available nowadays which monitor a lot of what you do when you are connected to the corporate network. The DLP stuff.

The below cmd seems to let me avoid doing that, as it asks the Windows OS: you know the passwd, get it yourself & don't let me type it, which is what I am looking for.

New-VICredentialStoreItem -Host vCenterServer01 -User JColeman -Password ((get-credential).GetNetworkCredential().password)

It's like a Linux admin trying to avoid typing the passwd on the cmdline, as history can allow others to see it, or software like PowerBroker runs in the background for Linux as well.

the base cmd ,

New-VICredentialStoreItem -Host '192.168.1.10' -User 'admin' -Password 'password'

New-VICredentialStoreItem

warrants the passwd to be written on the cmdline.

i tried

New-VICredentialStoreItem -Host vcenter.domain_y -User domain_y\user

I thought it would ask me to type the passwd in a window, but it is not smart.

even the page says

New-VICredentialStoreItem -Host '192.168.1.10' -User 'admin' -Password 'password'

So they want us to type it in the PowerShell prompt.

LucD
Leadership

So what is wrong with (get-credential).GetNetworkCredential().password?

You will have to type the password at one point.

Unless you have a credential repository somewhere which you can query one way or another.

But such a solution would be outside the scope of PowerCLI in my opinion.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

esxi1979
Expert

(get-credential).GetNetworkCredential().password is good. But if you look at my question, it may not work when I am in domain 1 & logged in with a user of domain 1. Domain 1 is where my laptop is, & now I need to connect to domain 2 & use that username & passwd, as this vCenter is in domain 2. Can I use that cmd, or how can I modify it?

(get-credential).GetNetworkCredential().password is good for not making me type my passwd on my PowerCLI console, which I wanted to avoid.

LucD
Leadership

With Get-Credential you can provide an account from domain2, just enter domain2\user for the User field.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

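The approach the thread arrives at, as an added example (not code posted by any participant): prompt for the domain_y account with Get-Credential, store it with New-VICredentialStoreItem, then connect without supplying a password. It assumes VMware PowerCLI on Windows; `vcenter.domain_y` and `domain_y\user` are the thread's placeholders, and the function name `Save-VCenterCredential` is hypothetical.

```powershell
# Added example: store a vCenter credential for an account in another AD domain
# without the password appearing on the command line or in console history.

function Save-VCenterCredential {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $User     # e.g. 'domain_y\user'
    )

    # The user name is pre-filled; only the password is entered, in the
    # credential prompt, and it is held as a SecureString in $cred.
    # The laptop does not need to be joined to the account's domain.
    $cred = Get-Credential -UserName $User -Message "Password for $User on $Server"
    if (-not $cred) { throw 'No credential was entered.' }

    # New-VICredentialStoreItem accepts -Password only as plain text, so the
    # value is extracted in memory and passed straight to the cmdlet.
    New-VICredentialStoreItem -Host $Server -User $cred.UserName `
        -Password $cred.GetNetworkCredential().Password | Out-Null

    # Confirm the entry exists, without displaying the password.
    Get-VICredentialStoreItem -Host $Server -User $cred.UserName |
        Select-Object Host, User
}

# One-time setup, run as the Windows account that will use the entry later.
Save-VCenterCredential -Server 'vcenter.domain_y' -User 'domain_y\user'

# Later sessions, same Windows account on the same computer: with no
# credential parameters, Connect-VIServer uses the stored entry for the server.
Connect-VIServer -Server 'vcenter.domain_y'
```

As stated in the replies above, the stored entry is usable only by the account and on the computer that created it, so a service account or a second workstation needs its own entry.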