ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove all emojis from markdown documentation

Browse Source 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
cproudlock
2025-12-10 11:03:45 -05:00
parent fc6be8a876
commit 96cb1dd946
22 changed files with 256 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
winrm-https/SECURE_CREDENTIAL_MANAGEMENT.md
View File

@@ -2,7 +2,7 @@
This guide covers secure methods for handling passwords and credentials in PowerShell, avoiding plaintext passwords in scripts and command history.
## ⚠️ Never Do This
## Never Do This
```powershell
# BAD - Password visible in script and command history
@@ -18,7 +18,7 @@ $certPass = ConvertTo-SecureString "MyPassword123!" -AsPlainText -Force
---
## Secure Methods
## Secure Methods
### Method 1: Interactive Prompt (Most Secure for Manual Use)
@@ -92,10 +92,10 @@ $certPass = Import-Clixml -Path "C:\Secure\cert-password.xml"
```
**Important notes:**
- Encrypted files can ONLY be decrypted by the same user on the same computer
- Safe to store in version control (but not recommended)
- ⚠️ Won't work if script runs as different user (e.g., scheduled task with service account)
- ⚠️ Won't work on different computer
- Encrypted files can ONLY be decrypted by the same user on the same computer
- Safe to store in version control (but not recommended)
- Won't work if script runs as different user (e.g., scheduled task with service account)
- Won't work on different computer
---
@@ -131,10 +131,10 @@ $cred = Get-StoredCredential -Target "ShopfloorAdmin"
```
**Advantages:**
- Works with scheduled tasks
- Can be used by service accounts
- Centralized management
- Encrypted by Windows
- Works with scheduled tasks
- Can be used by service accounts
- Centralized management
- Encrypted by Windows
---
@@ -152,7 +152,7 @@ $env:WINRM_CERT_PATH = "C:\Certs\wildcard.pfx"
-Domain $env:WINRM_DOMAIN
```
**⚠️ Do NOT use for passwords:**
** Do NOT use for passwords:**
```powershell
# BAD - Environment variables are not secure for passwords
$env:CERT_PASSWORD = "MyPassword" # DON'T DO THIS
@@ -350,7 +350,7 @@ $cred = Get-StoredCredential -Target "ShopfloorAdmin"
## 🛡️ Security Best Practices
### Do's
### Do's
1. **Always use SecureString for passwords**
```powershell
@@ -386,7 +386,7 @@ $cred = Get-StoredCredential -Target "ShopfloorAdmin"
[System.GC]::Collect()
```
### Don'ts
### Don'ts
1. **Never hardcode passwords**
```powershell
@@ -420,7 +420,7 @@ $cred = Get-StoredCredential -Target "ShopfloorAdmin"
---
## 🔧 Setting Up Secure Credential Storage
## Setting Up Secure Credential Storage
### Step 1: Create Secure Directory
@@ -543,15 +543,15 @@ $cred = Get-DomainCredential
---
## 📊 Summary Comparison
## Summary Comparison
| Method | Security | Ease of Use | Automation | Cross-User | Enterprise |
|--------|----------|-------------|------------|------------|------------|
| Interactive Prompt | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | | | |
| Encrypted File | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | | | |
| Credential Manager | ⭐⭐⭐⭐ | ⭐⭐⭐ | | | ⭐⭐⭐ |
| Azure Key Vault | ⭐⭐⭐⭐⭐ | ⭐⭐ | | | ⭐⭐⭐⭐⭐ |
| Plaintext (DON'T) | | ⭐⭐⭐⭐⭐ | | | |
| Interactive Prompt | | | | | |
| Encrypted File | | | | | |
| Credential Manager | | | | | |
| Azure Key Vault | | | | | |
| Plaintext (DON'T) | | | | | |
---