1

I am looking for a secure way to have a script running on a local machine and authenticate using these commands in Azure:

$Password = ConvertTo-SecureString -AsPlainText "my_secret" -Force
$Credential = New-Object System.Management.Automation.PSCredential ("my_client_id", $Password)
$TenantId = "my_tenant_id"
Connect-AzAccount -ServicePrincipal -Credential $Credential -Tenant $TenantId

The issue is that I do not want to save the secret as plain text in the script. The only solution I have found was to encrypt the SecureString password and save it in a file that can be decrypted using a key. This way, the secret is never in plain text.

Is there any other "clean" way to do this?

Thanks!

FidelCasto

1 Answer

4

Create a credential object one time and use Export-Clixml to store it for the current user/machine.

You can then use Import-Clixml to read them back into your script.

Sample

# Set credentials
$Credentials = Get-Credential        # Set your id and secret
$Credentials | Export-Clixml -Path $PSScriptRoot\Access.xml -Confirm:$false


# Read the credentials
$Credentials = Import-Clixml -Path $PSScriptRoot\Access.xml
Ash
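The store-once, read-back flow from the answer, combined with the Connect-AzAccount call from the question, as an added example that is not part of either post. It assumes Windows and an installed Az.Accounts module; the `-Setup` switch is a hypothetical name, and the tenant ID is the question's placeholder.

```powershell
# Added example (not from the posts above). Requires Windows and the Az.Accounts module.
param(
    [switch]$Setup,                     # hypothetical switch: run once to store the credential
    [string]$TenantId = 'my_tenant_id', # placeholder, as in the question
    [string]$CredPath                   # defaults to Access.xml beside the script, as in the answer
)
if (-not $CredPath) { $CredPath = Join-Path $PSScriptRoot 'Access.xml' }

# Export-Clixml encrypts the password with DPAPI only on Windows. On Linux and
# macOS the exported password is not encrypted, so refuse to continue there.
$onWindows = ($PSVersionTable.PSEdition -eq 'Desktop') -or $IsWindows
if (-not $onWindows) {
    throw 'Export-Clixml does not encrypt credentials on this platform.'
}

if ($Setup) {
    # Run interactively as the same account that will later run the script:
    # DPAPI ties the encrypted password to this user on this machine.
    $cred = Get-Credential -Message 'User name = client ID, password = client secret'
    $cred | Export-Clixml -Path $CredPath
    # Defense in depth: drop inherited ACEs and leave access to the current user only.
    icacls $CredPath /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(R,W)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $CredPath" }
    return
}

if (-not (Test-Path -LiteralPath $CredPath)) {
    throw "No stored credential at $CredPath. Run this script with -Setup first."
}
try {
    $cred = Import-Clixml -Path $CredPath -ErrorAction Stop
}
catch {
    # Typical cause: the file was created by another user or copied from another machine.
    throw "Cannot decrypt ${CredPath}: $($_.Exception.Message)"
}
if ($cred -isnot [System.Management.Automation.PSCredential]) {
    throw "$CredPath does not contain a PSCredential object."
}

Connect-AzAccount -ServicePrincipal -Credential $cred -Tenant $TenantId -ErrorAction Stop | Out-Null
```

Any process running as the same user on the same machine can decrypt the file, so the account that runs the script should be dedicated to it and hold no other privileges.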