Uncategorized

Have you seen PowerCLI’s “Credential Store” feature?

It just occurred to me that a very useful feature of PowerCLI never got the introduction it deserves. The feature is the Credential Store and as the name suggests its job is to store credentials. As a result:

  1. Credentials are kept securely (no need to hard code passwords along with scripts)
  2. You type less (no need to specify user and password to Connect-VIServer)

So, how does it work in practice?

Say I connect to my VC like this:

Connect-VIServer 192.168.10.10 –User Andrey –Password “my favorite password”

To use the credential store, I do the following:

New-VICredentialStoreItem -Host 192.168.10.10 -User "Andrey" -Password "my favorite password"

Now I can type just:

Connect-VIServer 192.168.10.10

When I don’t specify user and/or password, Connect-VIServer checks the credential store, finds my newly stored credential and uses it.

By default the credential store file is stored under the user profile directory. It is encrypted. If I got you interested, check “help *VICredentialStoreItem” for details.

 

Andrey Anastasov,

PowerCLI Architect

Comments

28 comments have been added so far

  1. The credential store is encrypted with .Net’s ProtectedData.Protect() function which delegates to Windows’ CryptProtectData(). It is considered a secure way to protect data and – to my knowledge – is the method employed by the built-in Windows file encryption (EFS).
    To decrypt the data, an attacker must have enough information as to log in as the user who encrypted the data. In other words, even if someone steals the harddisk, the data is secure as long as the user password is unavailable to the attacker. An administrator cannot read the data by forcing password reset.

  2. Andrey, thanks for this hint. One question though: When I type New-VICredentialStoreItem -Host 192.168.10.10 -User “Andrey” -Password “my favorite password” this command is stored in the PowerCli command history, meaning that anybody could stumble upon my typed out password.
    clear-history does not delete any of the vsphere powercli-commands, nor does closing the whole thing and rebooting do.

    Is there a way to remove my typed out password from powerclis command history?

    Regards,
    Thomas

  3. thanks! it did help me, i was looking for a script to store password in my existing script.

    Connect-VIServer 192.168.10.10 –User Andrey –Password “my favorite password”

    FYI beginners, remove the quotes from your password . ie.

    Connect-VIServer 192.168.10.10 –User jsmith –Password Hello@123

  4. Hunting for a sink can be overwhelming, confusing, and frustrating. The Sink Reviewer is here to guide you with buying tips, ratings, and reviews. Let’s find the perfect sink for you.

  5. Hunting for a sink can be overwhelming, confusing, and frustrating. The Sink Reviewer is here to guide you with buying tips, ratings, and reviews. Let’s find the perfect sink for you.

  6. Trade Spine provides the best online deals of the day at affordable prices from one of the best nearby local stores from your location. Avail of daily discount offers and hot deals only at our website. Just visit us and get amazing deals only on our website.

  7. This is an awesome article and very interesting to read. You see, every town around the world should always patronize their own local products and that is why I believe that it is a huge need for us to have local shops for the local people.

Leave a Reply

Your email address will not be published.