It just occurred to me that a very useful feature of PowerCLI never got the introduction it deserves. The feature is the Credential Store and as the name suggests its job is to store credentials. As a result:
- Credentials are kept securely (no need to hard code passwords along with scripts)
- You type less (no need to specify user and password to Connect-VIServer)
So, how does it work in practice?
Say I connect to my VC like this:
Connect-VIServer 192.168.10.10 –User Andrey –Password “my favorite password”
To use the credential store, I do the following:
New-VICredentialStoreItem -Host 192.168.10.10 -User "Andrey" -Password "my favorite password"
Now I can type just:
Connect-VIServer 192.168.10.10
When I don’t specify user and/or password, Connect-VIServer checks the credential store, finds my newly stored credential and uses it.
By default the credential store file is stored under the user profile directory. It is encrypted. If I got you interested, check “help *VICredentialStoreItem” for details.
Andrey Anastasov,
PowerCLI Architect
In case anyone wants the full usage: http://www.vmware.com/support/developer/windowstoolkit/wintk40u1/html/New-VICredentialStoreItem.html
Fully agree Andrey, indeed a forgotten cmdlet ;-(
Could you perhaps expand a bit on the encryption ? Is it based on the SecureString class, can it be decrypted with the GetNetworkCredential method ?
Jake, I suppose that link should be http://www.vmware.com/support/developer/PowerCLI/PowerCLI50/html/New-VICredentialStoreItem.html 😉
The credential store is encrypted with .Net’s ProtectedData.Protect() function which delegates to Windows’ CryptProtectData(). It is considered a secure way to protect data and – to my knowledge – is the method employed by the built-in Windows file encryption (EFS).
To decrypt the data, an attacker must have enough information as to log in as the user who encrypted the data. In other words, even if someone steals the harddisk, the data is secure as long as the user password is unavailable to the attacker. An administrator cannot read the data by forcing password reset.
Andrey, thanks for this hint. One question though: When I type New-VICredentialStoreItem -Host 192.168.10.10 -User “Andrey” -Password “my favorite password” this command is stored in the PowerCli command history, meaning that anybody could stumble upon my typed out password.
clear-history does not delete any of the vsphere powercli-commands, nor does closing the whole thing and rebooting do.
Is there a way to remove my typed out password from powerclis command history?
Regards,
Thomas
thanks! it did help me, i was looking for a script to store password in my existing script.
Connect-VIServer 192.168.10.10 –User Andrey –Password “my favorite password”
FYI beginners, remove the quotes from your password . ie.
Connect-VIServer 192.168.10.10 –User jsmith –Password Hello@123
Hi there, yes this article is actually pleasant and
I have learned lot of things from it regarding
blogging. thanks.
A great article and very helpful for me
thanks for sharing
Hi there, yes this article is actually pleasant andI have learned lot of things from it regarding
blogging.
thanks.
https://techgainz.com/
A great article and very helpful for me
thanks for sharing https://monetorapk.com/
you are doing a good job thanks for sharing
Great post.
Thanks for you
I am a regular reader of your blog, Amazing content with proper examples. Thank you admin.
The Article is highly informative and helpful. recommended to everyone.
Thanks for sharing such beautiful information with us. I hope you will share some more information about weight loss motivation. Please keep sharing.
Hey, thanks for sharing this amazing article. I really happy to get this information. I am looking for new article.
Cheers
Gizmodoly
Hey, thanks for sharing this amazing article. I really happy to get this information. I am looking for new article.
Cheers
Gizmodoly
Hunting for a sink can be overwhelming, confusing, and frustrating. The Sink Reviewer is here to guide you with buying tips, ratings, and reviews. Let’s find the perfect sink for you.
Hunting for a sink can be overwhelming, confusing, and frustrating. The Sink Reviewer is here to guide you with buying tips, ratings, and reviews. Let’s find the perfect sink for you.
Our goal is to make trampoline buying process easier, safer, and more enjoyable for everyone through skill-based tutorials, detailed guides, and in-depth reviews.
Trade Spine provides the best online deals of the day at affordable prices from one of the best nearby local stores from your location. Avail of daily discount offers and hot deals only at our website. Just visit us and get amazing deals only on our website.
Great post.
Thanks for this post
Ping us at https://enhau.com/ We will try to find the solution
ey, thanks for sharing this amazing article. I really happy to get this information.
This is an awesome article and very interesting to read. You see, every town around the world should always patronize their own local products and that is why I believe that it is a huge need for us to have local shops for the local people.
Our goal is to make trampoline buying process easier, safer, and more enjoyable for everyone through skill-based tutorials, detailed guides, and in-depth reviews
Trying one thing new, like a skydive, could be superb and
thrilling.What it is like to skydive.
Hi there, yes this article is actually pleasant and
I have learned lot of things from it regarding
blogging. thanks.
https://monetorapk.com