3 Replies Latest reply on Jun 28, 2018 2:17 AM by LucD

    Looking for inspiration ... Passwords in Scripts

    feixfb Novice

      Hey there,


      After I install our ESXi hosts and put them into vCenter, I use a PowerShell script which does the rest of the configuration needed...


      One of the steps is to create a local read-only ESXi user with a password. I don't like to have passwords in my scripts, and in this case the script will only run with user interaction.


      So at first I tried to use a simple


      $pwd = read-host "Enter a password:"


      The problem here is that you can read the password which is provided...


      I read a little bit and tried...


      $pwd = read-host "Enter a password:" -asSecureString


      This looks nice at first, but to avoid password mismatches I fetch the password twice and compare both. In this case $pwd1 & $pwd2 are SecureStrings and do not match.


      Now I try something like...



          $check = "0"

      while ($check -eq "0") {

              $encpasswort1 = Read-Host "Please Enter pwd: " -AsSecureString

              $encpasswort2 = Read-Host "again" -AsSecureString


              $password1 = [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($encpassword1))

              $password2 = [System.Runtime.InteropServices.marshal]::PtrToStringAuto([System.Runtime.InteropServices.marshal]::SecureStringToBSTR($encpassword2))


              if ($passwort1 -eq $passwort2) {

                  write-host -ForegroundColor Green "Lege Nutzer auf " $esx_Host.Name "an `n"

                  $status = Connect-VIServer $esx_Host.Name -User root -wa 0

                  $status = New-VMHostAccount -Id $user -Password $passwort1 -Description $desc -UserAccount

                  $status = New-VIPermission -Principal $user -Role $role -Entity (Get-Datacenter)

                  $status = Disconnect-VIServer $esx_Host.Name -Confirm:$false

                  $check = "1"





      This works so far but maybe there is a better way...


      Maybe to compare two SecureString objects or pass them to an ESXi host...


      Some ideas would be welcome.
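
An added example, not part of the original post or its replies: one way to compare two SecureString prompts case-sensitively and release the unmanaged plaintext copies afterwards. The function names `Test-SecureStringEqual` and `Read-ConfirmedPassword` are hypothetical, and the commented usage reuses the post's `$user` and `$desc` variables.

```powershell
# Added example; function names are hypothetical, not from the original post.
function Test-SecureStringEqual {
    param(
        [Parameter(Mandatory)] [System.Security.SecureString] $First,
        [Parameter(Mandatory)] [System.Security.SecureString] $Second
    )
    $marshal = [System.Runtime.InteropServices.Marshal]
    $bstr1 = [IntPtr]::Zero
    $bstr2 = [IntPtr]::Zero
    try {
        $bstr1 = $marshal::SecureStringToBSTR($First)
        $bstr2 = $marshal::SecureStringToBSTR($Second)
        $plain1 = $marshal::PtrToStringBSTR($bstr1)
        $plain2 = $marshal::PtrToStringBSTR($bstr2)
        # Ordinal comparison is case-sensitive; PowerShell's -eq is not.
        return [string]::Equals($plain1, $plain2, [System.StringComparison]::Ordinal)
    }
    finally {
        # Zero and free the unmanaged plaintext copies even if an error occurs.
        if ($bstr1 -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($bstr1) }
        if ($bstr2 -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($bstr2) }
    }
}

function Read-ConfirmedPassword {
    param([string] $Prompt = 'Enter a password')
    while ($true) {
        $first  = Read-Host $Prompt -AsSecureString
        $second = Read-Host 'Enter it again' -AsSecureString
        # Reject empty input as well as mismatches.
        if ($first.Length -gt 0 -and (Test-SecureStringEqual $first $second)) {
            return $first
        }
        Write-Warning 'Passwords are empty or do not match, try again.'
    }
}

# Usage with the post's variables; the plain text is unwrapped only for the
# call that needs a string password:
# $secure = Read-ConfirmedPassword
# $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
# New-VMHostAccount -Id $user -Password $plain -Description $desc -UserAccount
```

The managed strings created during the comparison remain in memory until garbage collection, so this narrows the exposure of the plain text rather than removing it.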