Securely pass credentials to an executable in powershell script including needed switches

obladi oblada
obladi oblada used Ask the Experts™
on
error messageI am trying to replace a batch file that runs an automated upload process with a PowerShell script that provides better security. Currently, the executable in the batch file is run with credentials that are displayed in clear text as part of a switch. I am new to PowerShell and am having difficulty understanding how to call these credentials and apply them to the executable file I am trying to run. There seem to be a lot of posts about applying saved credentials to cmdlets, but little about working with executables. Below is a copy of my current script.
$username = "xxxxxxxx@xx.xxxx.xx.xx"
$password = "Get-Content D:\temp\axupload.txt | ConvertTo-SecureString"
$mycred = "New-Object System.Management.Automation.PSCredential -ArgumentList $username,$password"
$securepassword = "$mycred.GetNetworkCredential().Password"
$exe = "D:\Program Files (x86)\XtenderSolutions\Content Management\IndexImageImport.exe"
$appname = "HR_PERSONNEL_OPTION1"
$specname = "HR_PERSONNEL"
$filename = "\\xxxxxxx\aximport\HR\Weekly_Upload\WCHR10B.AppXtender.20181001.txt"
& $exe /U $username /W $securepassword /A $appname /S $specname /F $filename

Attached is the error message returned by the application.  So it does not appear to be getting the needed credentials.
I am trying to understand the correct method to pass user credentials to an older exe application without having theses credentials in plain text.  I already tried a version of the script using -credential, but it does not recognize that.

error message
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jeremy WeisingerSenior Network Consultant / Engineer

Commented:
Do you have the error message?

Author

Commented:
I uploaded a screenshot called index_image_error.
Jeremy WeisingerSenior Network Consultant / Engineer

Commented:
Unfortunately I don't see anything attached to the question. Could you try again or embed the pic in your post?
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
The issue is that you enclosed cmdlet calls into double quotes (lines 2, 3, 4), changing them to simple strings.
Assuming you created axupload.txt by passing a secure string password to ConvertFrom-SecureString and then saving that:
$username = "xxxxxxxx@xx.xxxx.xx.xx"
$password = Get-Content D:\temp\axupload.txt | ConvertTo-SecureString
$mycred = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password
$plaintextPassword = $mycred.GetNetworkCredential().Password
$exe = "D:\Program Files (x86)\XtenderSolutions\Content Management\IndexImageImport.exe"
$appname = "HR_PERSONNEL_OPTION1"
$specname = "HR_PERSONNEL"
$filename = "\\xxxxxxx\aximport\HR\Weekly_Upload\WCHR10B.AppXtender.20181001.txt"
& $exe /U $username /W "`"$plaintextPassword`"" /A $appname /S $specname /F $filename

Open in new window

Author

Commented:
You are awesome!  It does work as you have laid it out.  I don't fully understand the application of the " or `.  I do need to make one small tweak which is to add the /Q option to the end of the file name.  I tried it both outside the " and inside, but it tells me it can't find the file, so there's something about my layout.
$filename = "\\xxxxxxx\aximport\HR\Weekly_Upload\WCHR10B.AppXtender.20181001.txt /Q"   The /Q is an option on the filename switch to check for unique key.  Any ideas of how I would add this to the filename?   Thanks
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
That's just another option, not a part of the file name:
& $exe /U $username /W "`"$plaintextPassword`"" /A $appname /S $specname /F $filename /Q

Open in new window

The "`"$plaintextPassword`"" is required because PowerShell only automatically adds quotes around a command line option if there's a space in the string; a password might contain other critical characters that should be enclosed in quotes, and that's a way to solve this.

Author

Commented:
Yes, that worked as well.  Once last question I wanted to stick something at the end that would remove the plaintext password from memory.  I understand there is a "Remove-Variable" command.  Would that be Remove-Variable $PlaintextPassword?   thanks,
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
No, you need the name (plaintextPassword) of the variable, not its content ($plaintextPassword).
Remove-Variable -Name plaintextPassword

Open in new window

Author

Commented:
That did the trick.  Thanks for your help.  I am going to close the question.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial