3 Replies Latest reply on Jun 28, 2018 2:17 AM by LucD

    Looking for inspiration ... Passwords in Scripts

    feixfb Novice

      Hey there,

       

      After I install our ESXi hosts and put them into the vCenter, I use a PowerShell script which will do the rest of the configuration needed...

       

      One of the points is to create a local read-only ESXi user with a password. I don't like to have passwords in my scripts, and in this case the script will only run with user interaction.

       

      So in the first case I tried to use a simple

       

      $pwd = read-host "Enter a password:"

       

      The problem here is that you can read the password which is provided...

       

      I read a little bit and tried...

       

      $pwd = read-host "Enter a password:" -asSecureString

       

      This looks nice in the first step, but to avoid password mismatches I fetch the password twice and compare both. In this case $pwd1 & $pwd2 are SecureStrings and do not match.

       

      Now I try something like...

       

      ---Snip----

      $check = "0"
      while ($check -eq "0") {
          # Prompt twice with hidden input
          $encpasswort1 = Read-Host "Please Enter pwd: " -AsSecureString
          $encpasswort2 = Read-Host "again" -AsSecureString

          # Decode both SecureStrings to plain text so they can be compared
          # (variable names must match the ones assigned above)
          $passwort1 = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpasswort1))
          $passwort2 = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpasswort2))

          # -ceq is case-sensitive; -eq would treat "Secret" and "secret" as equal
          if ($passwort1 -ceq $passwort2) {
              write-host -ForegroundColor Green "Lege Nutzer auf " $esx_Host.Name "an `n"
              $status = Connect-VIServer $esx_Host.Name -User root -wa 0
              $status = New-VMHostAccount -Id $user -Password $passwort1 -Description $desc -UserAccount
              $status = New-VIPermission -Principal $user -Role $role -Entity (Get-Datacenter)
              $status = Disconnect-VIServer $esx_Host.Name -Confirm:$false
              $check = "1"
          }
      }

      ---snip----

       

      This works so far but maybe there is a better way...

       

      Maybe to compare two SecureString objects or pass them to an ESXi host...

       

      Some ideas would be welcome.

       

      Thanks
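
      An added example, not part of the original post: one way to compare the two SecureString entries directly, reading the unmanaged copies 16 bits at a time so no plain-text .NET string is created for the comparison, and zeroing those copies afterwards. The function names Test-SecureStringEqual and Read-ConfirmedPassword are hypothetical, and the sample passwords are constructed for the self-check.

```powershell
# Added example (not the poster's code): compare two SecureStrings without
# building managed plain-text strings, then prompt until both entries match.
function Test-SecureStringEqual {
    param(
        [Parameter(Mandatory)][System.Security.SecureString]$First,
        [Parameter(Mandatory)][System.Security.SecureString]$Second
    )
    # Different lengths can never match; Length is the number of UTF-16 chars.
    if ($First.Length -ne $Second.Length) { return $false }
    $marshal = [System.Runtime.InteropServices.Marshal]
    $p1 = [IntPtr]::Zero
    $p2 = [IntPtr]::Zero
    try {
        $p1 = $marshal::SecureStringToBSTR($First)
        $p2 = $marshal::SecureStringToBSTR($Second)
        $diff = 0
        for ($i = 0; $i -lt $First.Length; $i++) {
            # Compare raw 16-bit code units: exact and case-sensitive.
            $diff = $diff -bor ($marshal::ReadInt16($p1, $i * 2) -bxor $marshal::ReadInt16($p2, $i * 2))
        }
        return ($diff -eq 0)
    }
    finally {
        # Zero and free the unmanaged copies even if something above throws.
        if ($p1 -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($p1) }
        if ($p2 -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($p2) }
    }
}

function Read-ConfirmedPassword {
    # Hypothetical helper: keeps asking until both hidden entries are identical.
    while ($true) {
        $first  = Read-Host 'Please enter pwd' -AsSecureString
        $second = Read-Host 'again' -AsSecureString
        if ($first.Length -gt 0 -and (Test-SecureStringEqual $first $second)) { return $first }
        Write-Warning 'Passwords are empty or do not match, try again.'
    }
}

# Self-check with constructed sample values (never hard-code a real password):
$same  = ConvertTo-SecureString 'Sample-Pw1' -AsPlainText -Force
$other = ConvertTo-SecureString 'sample-pw1' -AsPlainText -Force
Test-SecureStringEqual $same $same
Test-SecureStringEqual $same $other
```

      The script in the post hands New-VMHostAccount a plain-text string, so the SecureString returned by Read-ConfirmedPassword still has to be decoded once, ideally only in the expression that makes that call, for example with (New-Object System.Net.NetworkCredential('', $securePw)).Password.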