![]() ![]() You can find the instructions in the “Use the Azure AD method” section of How to install and configure Azure PowerShell. You can create at least one organizational ID for any Azure account, even one that is secured with a Microsoft account, such as an account. Throw "Failed to store encrypted string at $FilePath." $secure = Read-Host -AsSecureString "Enter your Azure organization ID password." $encrypted = ConvertFrom-SecureString -SecureString $secure $result = Set-Content -Path $FilePath -Value $encrypted -PassThru if ( ! $result ) Here’s a little function that saves any password to disk as an encrypted string. $result = Add-AzureAccount -Credential $cred $cred = New-Object -TypeName ($username, $securePassword) $username = ConvertTo-SecureString (Get-Content -Path $FilePath) $username = $securePassword = ConvertTo-SecureString ( Get-Content -Path $FilePath ) $cred = New-Object -TypeName ( $username, $securePassword ) $result = Add -AzureAccount -Credential $cred Then, in Azure PowerShell scripts, you use almost the same code for your Add-AzureAccount command, except that you add a Get-Content command to get the encrypted string from its file. If anyone happened to peek in that file, they’d see something that looks like this. The result is a secure string.ĬonvertFrom-SecureString -SecureString $secure | Out -File -FilePath $FilePathĬonvertFrom-SecureString -SecureString $secure | Out-File -FilePath $FilePath The AsSecureString parameter is equivalent to piping the password string that you type to the ConvertTo-SecureString cmdlet. In this code, we use the Read-Host cmdlet to prompt you for the password (just once). If you need to save a password on disk, at least save it in an encrypted string. Although no method is completely secure, storing a password in plain text in a text/script file on disk is downright scary. $cred = New-Object ($username, $securePassword) $securePassword = ConvertTo-SecureString ` String "" -AsPlainText -Force $cred = New-Object ( $username, $securePassword ) $username = "" $securePassword = ConvertTo-SecureString ` When you call Add-AzureAccount with the PSCredential object, it uses the credentials to sign you in so you are not prompted. Then, you pass it the username and a secure string form of the password of your Azure account. As an alternative to the equally interactive Get-Credential cmdlet, you use the New-Object cmdlet to create a PSCredential object. Here’s the snippet for adding an Azure account to Windows PowerShell in a script. It works only with an organizational ID (not with a Microsoft account), but it’s easy to create an organizational ID for any account. This is a great strategy, except that the token expires (in about 12 hours) and the interactive sign-in prompt prevents you from using it in a script.īeginning in Azure PowerShell 0.8.9, you can use the Credential parameter of Add-AzureAccount to suppress the sign-in pop-up. When sign-in succeeds, information about your Azure account is saved in a subscription data file in your roaming user profile and Windows PowerShell gets an access token that it can use to access your Azure account on your behalf. ![]() The Add-AzureAccount cmdlet prompts you to sign into your Azure account by popping up a sign-in window. You can also use Azure Active Directory (Azure AD). This technique uses a management certificate with security credentials and, while it’s a bit more complex, once the certificate is on the machine, you can access your Azure account in Windows PowerShell. You can download ( Get-AzurePublishSettingsFile) and import ( Import-AzurePublishSettingsFile) a PublishSettings file. I explain one in this post.Īs users of Azure PowerShell know well, there have always been two distinct ways of making your Azure account available to Windows PowerShell. Unfortunately, the instructions tell you to save your Azure password in plain text, but there are much more secure alternatives. One of the great features of the recent versions of Azure PowerShell is a non-interactive option for the Add-AzureAccount cmdlet. ![]()
0 Comments
Leave a Reply. |