I've an application in which I have to store a password. This application is getting called with the SYSTEM user. I am already obfuscating the script and storing it in a secure location.
Now my question: Is there any possibility to create a SecureString which can be decrypted by one or more other users?
I've read about the possibility to encrypt it with a key and then store this key in a file, but in my opinion this is nothing else than an obfuscation, because everybody who can access the key file can decrypt the password.
Thanks for your help :)
EDIT:
To clarify my question: I'd like to know if there is another solution to this than using a key file.
Yep, it's commonly known that, if you force a user to enter a secure string, it can be reversed by the person who entered it, using
$credential = Get-Credential
$credential.UserName
$credential.Password
# Results
<#
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
$credential.UserName
testuser
$credential.Password
System.Security.SecureString
#>
Or using a .NET namespace. So, how about taking the approach of storing the credential in Windows Credential Manager on the user's machine? In your app install, you dynamically generate creds to store that you'd then use for execution. Whenever they run your code, your code calls the creds from Credential Manager, without user interaction.
There are several modules in the MS PowerShellGallery.com, easily accessed and deployed on systems when targeting credential manager use.
Find-Module -Name '*credential*'
<#
Version Name                 Repository Description
------- ----                 ---------- -----------
2.0     CredentialManager    PSGallery  Provides access to credentials in the Windows Credential Manager
...
1.0.11  pscredentialmanager  PSGallery  This module allows management and automation of Windows cached credentials.
4.5     BetterCredentials    PSGallery  A (compatible) major upgrade for Get-Credential, including support for storing cred...
0.0.1   SecureCredentials    PSGallery  This module allow to secure store encrypted credentials for running powershell daemon
1.1.7   CredentialStore      PSGallery  CredentialStore saves powershell credentials securely to file
...
1.1     CredentialsManager   PSGallery  The module Credentials Manager provides you with convenient and safe way to store y...
...
1.0.2   CredentialManagement PSGallery  Manage Credentials stored in the Windows Credential Manager
1.1.0   PSCredentialTools    PSGallery  PSCredentialTools provides various methods for securely storing and retrieving cred...
1.1     New-Credential       PSGallery  Simply creates an object (System.Management.Automation.PSCredential) that can be us...
...
#>
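The install-time store and run-time lookup described in the answer above, as an added example that is not part of the original answer. It assumes the CredentialManager module (2.0 in the listing) is installed; the target name `MyApp/Backend`, the user name `svc-myapp` and the three function names are hypothetical. Credential Manager vaults are per-user, so the entry has to be created under the same account that later reads it (SYSTEM in the question); other accounts cannot retrieve it.

```powershell
# Added example: assumes 'Install-Module -Name CredentialManager' has been run.
Import-Module CredentialManager

function New-RandomSecret {
    param([int]$ByteCount = 32)
    # Cryptographically strong random bytes, Base64-encoded for use as a password
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes)
}

function Install-AppCredential {
    # Run once at install time, under the SAME account that will run the app:
    # the vault entry is only readable by the account that created it.
    param([Parameter(Mandatory)][string]$Target,
          [Parameter(Mandatory)][string]$UserName)
    if (Get-StoredCredential -Target $Target -ErrorAction SilentlyContinue) {
        throw "Credential '$Target' already exists; remove it first."
    }
    New-StoredCredential -Target $Target -UserName $UserName `
        -Password (New-RandomSecret) -Type Generic -Persist LocalMachine | Out-Null
}

function Get-AppCredential {
    # Called at run time: no prompt, returns a PSCredential
    param([Parameter(Mandatory)][string]$Target)
    $cred = Get-StoredCredential -Target $Target -ErrorAction SilentlyContinue
    if (-not $cred) { throw "No credential stored for '$Target' under $(whoami)." }
    $cred
}

# Usage (hypothetical names)
Install-AppCredential -Target 'MyApp/Backend' -UserName 'svc-myapp'
$cred = Get-AppCredential -Target 'MyApp/Backend'
$cred.UserName
# Pass $cred to -Credential parameters; call
# $cred.GetNetworkCredential().Password only where an API requires plain text.
```

Any code running as the owning account can read the entry back, so access to that account is the control that protects the secret.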