1

Is it possible to concatenate a secure string with variables and unsecure strings in PowerShell?

I have a formula that is used for local administrator passwords in our standalone environment (no domain). I would like to store part of that formula in a file securely, then get that, convert it to a regular string, and concatenate it with another object and another string to form the password.

My intent is not to expose our formula in plain text in the workflow that I am putting together. Is there another way that I am missing? It's too many machines to easily store each password separately.

Improve this question

1 Answer 1

Reset to default
2

Credential objects allow you to decrypt a secure string (source):

PS C:\> $pw = 'bar' | ConvertTo-SecureString -AsPlainText -Force
PS C:\> $pw.GetType().FullName
System.Security.SecureString
PS C:\> $cred = New-Object Management.Automation.PSCredential 'foo', $pw
PS C:\> $cred.GetType().FullName
System.Management.Automation.PSCredential
PS C:\> $cred.UserName
foo
PS C:\> $cred.Password
System.Security.SecureString
PS C:\> $cred.GetNetworkCredential().Password
bar

However, the encryption key for the secure string is tied to the user and computer that created the secure string, so it's not usable on another computer or by another user. You can work around this, but that would require to encrypt the secure string with a key generated by you, and that key would have to be available in plain text (or rather plain bytes) whenever the secure string needs to be decrypted. Which kinda defeats the purpose of encrypting it in the first place.

On top of that, if you have enough machines to make storing separate passwords a hassle, you also have enough machines to seriously consider putting them in a domain.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yeah, I did find a way to do it. Unfortunately I don't decide what goes in a domain and what doesn't. I will just need to request login rights for the account that I will be running the application from so I can store the password crypt in a way that it can be retrieved.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.