Making a securestring XML file

Question

How can I generate a file that looks like

<Configuration>
  <UserName>oracle</UserName>
  <Password>01000000d08c9ddf...</Password>
  <SshFingerPrint>01000000d08c9ddf0115d...</SshFingerPrint>
</Configuration>

I would like to use the XML file in my script

[xml]$config = Get-Content "$PSScriptRoot\config.xml"
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol = [WinSCP.Protocol]::Scp
    HostName = "127.0.0.1"
    UserName = $config.Configuration.UserName
    Password = ConvertTo-SecureString $config.Configuration.Password
    SshHostKeyFingerprint = ConvertTo-SecureString $config.Configuration.SshFingerPrint
}

$session = New-Object WinSCP.Session

Adding to what Martin Prikryl gave you. Dealing with securing credentials in PowerShell scripts is a regularly talked about and well covered / documented thing. Be it using xml, txt, registry, DB, or Windows Credential Manager. Nothing prevents you from using them to create the file that you are after. See a sample source list here: --- https://www.reddit.com/r/PowerShell/comments/bv7ywa/whats_the_best_practice_for_passwords_in_ps/epoux2c/?context=3 --- so, there are choices for many use cases. — postanote, Jun 21 '19 at 07:03

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

Well, you took that code from WinSCP article Protecting credentials used for automation.

And that article shows how to encrypt the password for a use in the configuration file:

To encrypt the password use ConvertFrom-SecureString cmdlet:
Read-Host -AsSecureString | ConvertFrom-SecureString

To encrypt a public key you could use the same technique. But it makes no sense. It's public key. No need to encrypt it.

Making a securestring XML file

1 Answers1