I need help with secure strings. I understand that this way is not very secure. But this is on the admin side of the machine. However, I do not want the password in plain text for admins to see.

I've successfully got this method to work with this script:

$securepasswordkey = "76492d1116743f0423413b16050a5345MgB8AG4ARgBHAGIAWABmAEgAOABZAEoAbQBCAGYAegBsAEYATwAyAHEAcgAHwAOAA2ADUANwA5AGUAYwA4ADQAMgA1ADUAYQBhAGQAOAA2ADQANgA3AGUAMgA1AGMAYQA5AGQANwAwAGIAMAAxAGYAZgBhAGQAMwBiADYAMgBmAGIANwA5ADcAZABiADMAZgAyAGMAMABhAGYAYwA1AGQAOQA3AGMAMAAzADcAMwAzAGMAMQA1ADQAOABjADkAMwBhADcAMQBlAGUAZQA4AGYANwA5ADEAYgA0AGIAYgA0ADgA"
$key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$password = ConvertTo-SecureString -String $SecurePasswordKey -Key $key
$username = "$domain\administrator"
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $password

The one above works successfully for hiding the password. However, now I'm trying to accomplish it without the credential object and I'm having issues:

$Secure = "76492d1116743f0423413b16050a5345MgB8ADAATQA5ADAAQwBLAGIAKwBPAFEATwA2ADIASgBVADAAGIAZAAwADgAMwAzADIANQA0ADAAOQA0ADUAMgBhADMANgAyAGQANQA4AGUANwAyADgANABhAGIAOABjAGUAMgAyADAAYQBlADkAZgBlAGYAOQAxAGIAOQA="
$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$password = ConvertTo-SecureString -String $Secure -Key $key
$sqlQuery | sqlplus -silent "USERNAME/$password@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(Host=database.host.net)(Port=1522))(CONNECT_DATA=(SERVICE_NAME=database.host.net)))"
Grant Campbell

1 Answer

Your problem is here:

$password = ConvertTo-SecureString -String $Secure -Key $key

With this line of code, the $password variable contains a SecureString object, not a plain-text string. Here's a short function that returns a plain-text string from a SecureString object:

# Return a SecureString as a String.
function ConvertTo-String {
  param(
    [Security.SecureString] $secureString
  )
  $marshal = [Runtime.InteropServices.Marshal]
  try {
    $intPtr = $marshal::SecureStringToBSTR($secureString)
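    # PtrToStringBSTR reads the BSTR as UTF-16 on every platform;
    # PtrToStringAuto only does so on Windows.
    $string = $marshal::PtrToStringBSTR($intPtr)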
  }
  finally {
    if ( $intPtr ) {
      $marshal::ZeroFreeBSTR($intPtr)
    }
  }
  $string
}

Add this function to your script, and you can now write this:

$password = ConvertTo-String (ConvertTo-SecureString -String $Secure -Key $key)

Now $password will contain a plain-text string.

Bill_Stewart
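
An added example, not part of the original question or answer, showing two hardening changes to the approach above. A `-Key` array stored in the script lets anyone who can read the script decrypt the string, so this version protects the password with DPAPI (no `-Key`), and it sends the credentials to SQL*Plus on stdin through `/nolog` and `CONNECT` so they never appear in the process command line. `Invoke-SqlPlusQuery` and the `C:\Scripts\db.cred` path are assumed names; `$sqlQuery` is the variable from the question.

```powershell
# Added example. Invoke-SqlPlusQuery and $CredFile are assumed names.

# One-time setup, run as the account that will run the script. Without -Key,
# ConvertFrom-SecureString protects the value with DPAPI, so only that account
# on that machine can decrypt it and no key is stored in the script:
#   Read-Host -AsSecureString 'DB password' | ConvertFrom-SecureString | Set-Content $CredFile

function Invoke-SqlPlusQuery {
  param(
    [Parameter(Mandatory = $true)] [string] $UserName,
    [Parameter(Mandatory = $true)] [Security.SecureString] $Password,
    [Parameter(Mandatory = $true)] [string] $ConnectDescriptor,
    [Parameter(Mandatory = $true)] [string] $Query   # must end with ';'
  )

  # Decrypt only inside this function, right before it is needed.
  $plain = (New-Object System.Net.NetworkCredential('', $Password)).Password

  # The password becomes part of a line of SQL*Plus input, so a double quote
  # would end the quoted value and a line break would start a new command.
  if ($plain -match '["\r\n]') {
    throw 'Password contains a double quote or line break; refusing to build CONNECT.'
  }

  $lines = @(
    ('CONNECT {0}/"{1}"@{2}' -f $UserName, $plain, $ConnectDescriptor),
    $Query,
    'EXIT'
  )

  # /nolog starts SQL*Plus without logging in; the CONNECT line arrives on
  # stdin, so the password is not visible in the process list.
  $lines | & sqlplus -silent /nolog
}

$CredFile   = 'C:\Scripts\db.cred'   # assumed path
$descriptor = '(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(Host=database.host.net)(Port=1522))(CONNECT_DATA=(SERVICE_NAME=database.host.net)))'
$secure     = Get-Content $CredFile | ConvertTo-SecureString   # DPAPI, no -Key

Invoke-SqlPlusQuery -UserName 'USERNAME' -Password $secure `
  -ConnectDescriptor $descriptor -Query $sqlQuery
```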