Link to home
Create AccountLog in
Avatar of Blowfelt82
Blowfelt82

asked on

Proper way to handle encrypted passwords in deployment process.

I have an encrypted data file which stores credentials for an environment - these credentials are used as part of an automated scripted deployment solution. Basically a process runs a number of scripts/installers to configure a windows environment, if one of these scripts/applications needs a password a 'middle-man' application is called with an 'action' parameter which will then call the target application directly and pass in the decrypted username/password pairs.

The idea behind this is the 'middle-man' application will be the only tool capable of decrypting the password and will then be only to run a defined set of commands using these passwords. By defining the exact commands that can be run and passed a secure parameter I can ensure no passwords are logged and that the "middle-man" application cannot be used in an improper way...

Hopefully that makes sense... The question here is - is there a better way of doing this, it seems like a very over-engineered solution which requires rewrites of the "middle-man" application every time a new action is needed in the installation process which requires a password?

Any ideas appreciated.
ASKER CERTIFIED SOLUTION
Avatar of AndyAinscow
AndyAinscow
Flag of Switzerland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
There was no response but the Author asked for 'ideas' which were given by both the comments.

Sara