While I use the method mentioned in this thread PowerShell's Invoke-RestMethod equivalent of curl -u (Basic Authentication) I could get connected to REST API without a 401 error.
However currently I am giving my password in Plain Text.
I want a way to use a Hash of my password and then use it in the script.
The script then should be able to decrypt it too. But I don't want others who have access to the script, be able to decrypt it.
So I don't want to expose the decryption algorithm as well to any.
Proposed method I am thinking of: Combine existing HASH algorithms in a mixed random way (by feeding the HASH of one algorithm to another) which only I know and then have a custom Powershell function/cmdlet/whatever in the script which knows to decrypt.
Is there a simpler and better way?
Before I try the proposed method I would like to hear from others on any better ways.
Entire script is as below.
$User = "domain\userName"
$uri = "https://TeamProjectCollectionURI/TeamProjectName/_apis/build/builds"
$securePassword = ConvertTo-SecureString 'PasswordWhichContains$asWell' -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($User, $securePassword)
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $username,$credential)))
$response = Invoke-RestMethod -Method Get -Uri $uri -Credential $credential -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -ContentType application/json
$response
You can pass a username and password (masked as a secret variable) through PowerShell into a PSCredential object and use the -Credential switch when invoking the REST method:
$securePassword = $Password | ConvertTo-SecureString -AsPlainText -Force $credential = New-Object System.Management.Automation.PSCredential($User, $securePassword)
$releaseresponse = Invoke-RestMethod -Method Get -Credential $credential -ContentType application/json -Uri $Uri
More detail info please refer this blog: VSTS/TFS REST API: The basics and working with builds and releases