4

I am building some Windows VMs with Vagrant, and the Vagrant provisioner will create some users. I'd like to be able to commit the passwords for those users to source control, but obviously I don't want to commit them in plain text.

On Linux, I know I can create a hashed password on my local machine, and then later create a new user with that hashed password - the server I'm creating the user on never has to even see the plaintext password. 

# Create the password hash: 
hashpass=$(echo 'P@ssword123' | mkpasswd --method=sha-512 --stdin)

# Make a new user with the hash:
useradd --password "$hashpass" <new username>

Is it possible to do this in Windows?

Micah R Ledbetter
  • 513
  • 1
  • 5
  • 19
  • I wasn't able to find anything to let you directly add a user with the NT hash, but PowerShell adds users via the SecureString datatype with reversible encryption. It can only be decrypted by the user that encrypted it, so this might not be acceptable for your purposes. If it is, I can convert it into an answer. http://social.technet.microsoft.com/wiki/contents/articles/4546.working-with-passwords-secure-strings-and-credentials-in-windows-powershell.aspx – GuitarPicker Nov 17 '15 at 21:35
  • I don't think that would help me, unfortunately. I need to encrypt (or hash) the password as my normal user account on my workstation, and have it be decrypted (or passed directly as the hash of the user password, which may not be possible) by the vagrant user on the vagrant VM. – Micah R Ledbetter Nov 17 '15 at 22:02
  • An MD4 hash is barely better than plain text. I would not trust anyone with an MD4 hash that I wouldn't also trust with a password. – Ryan Ries Jan 27 '18 at 21:06

0 Answers0