Create-PasswordHash.ps1
<#
.SYNOPSIS
This script creates a password hash and key file to encode a password so it can be stored securely.
.DESCRIPTION
In order to overcome the limitations of Kerberos authentication when using vCenter Orchestrator and PowerShell, the password needs to be hashed and stored on the file system. To enable this to be portable and used by multiple service accounts, a key file will also be created to enable the hash to be decoded at run time. The hash and key files should be stored on a secured network share.
.PARAMETER filepath
The location where the hash and key files should be stored.
.EXAMPLE
PS C:\> .\Create-PasswordHash.ps1 -filepath '\\file\secured$\folder'
#>
Param($filepath = "\\fileserver\share\folder")
Try
{
    $username = Read-Host -Prompt "Enter the Account Username"
    $secureString = Read-Host -Prompt "Enter the Account Password" -AsSecureString

    # Generate a random 256-bit key from the system CSPRNG.
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($key)

    # With -Key, ConvertFrom-SecureString encrypts with AES, so the stored
    # "hash" is reversible by anyone who can read the key file.
    $encryptedString = ConvertFrom-SecureString -SecureString $secureString -Key $key

    # Write <username>.txt (encrypted password) and <username>.key (one byte value per line).
    $encryptedString | Out-File -FilePath (Join-Path -Path $filepath -ChildPath "$username.txt")
    $key | Out-File -FilePath (Join-Path -Path $filepath -ChildPath "$username.key")
}
finally
{
    # Wipe the key bytes from memory and release the RNG handle.
    if ($null -ne $key) { [array]::Clear($key, 0, $key.Length) }
    if ($null -ne $rng) { $rng.Dispose() }
}
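
The run-time side that the description refers to, decoding the stored value with the key file, can look like the following. This is an added example, not code from the original repository; the function name Get-StoredCredential is hypothetical, and it assumes the file names and default path used by the script above.

```powershell
# Added example, not part of the original repository.
# Get-StoredCredential is a hypothetical helper; paths mirror the script's defaults.
function Get-StoredCredential {
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCredential])]
    param(
        [Parameter(Mandatory)] [string] $Username,
        [string] $FilePath = "\\fileserver\share\folder"
    )

    $hashFile = Join-Path -Path $FilePath -ChildPath "$Username.txt"
    $keyFile  = Join-Path -Path $FilePath -ChildPath "$Username.key"
    foreach ($file in $hashFile, $keyFile) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            throw "Missing file: $file"
        }
    }

    $key = $null
    try {
        # The key file holds one decimal byte value per line, as written by Out-File.
        [byte[]] $key = Get-Content -LiteralPath $keyFile
        if ($key.Length -ne 32) {
            throw "Expected a 32-byte key in $keyFile, found $($key.Length) bytes."
        }

        # ConvertTo-SecureString -Key reverses ConvertFrom-SecureString -Key (AES).
        $encrypted = (Get-Content -LiteralPath $hashFile -Raw).Trim()
        $secure = ConvertTo-SecureString -String $encrypted -Key $key

        New-Object System.Management.Automation.PSCredential ($Username, $secure)
    }
    finally {
        # Same hygiene as the creating script: wipe the key bytes from memory.
        if ($null -ne $key) { [array]::Clear($key, 0, $key.Length) }
    }
}

# Usage: $cred = Get-StoredCredential -Username 'svc-account'
```

Because the value is AES-encrypted rather than hashed, read access to both files is equivalent to knowing the password, so the share's ACLs are the actual control.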