Segurança. Encriptando Senhas no Powershell


 

Pessoal,

A maioria dos meus exemplos eu uso Windows Authentication, mas nem todos podem se dar a este luxo.

Todos cmdlets (e a SMO)  para se conectar  no SQL Server, você pode passar usuário e senha.

Tá, mas como eu passaria ? –username “Eu” –Password “AgoraTodoMundoSabeMinhaSenha” ?

Não é legal né..pra isso tem uma library muito show chamada Library-StringCripto (obrigado ao Steve) e você pode baixar ela here.

Bom, basicamente ela tem duas funções. Uma pra encriptar e outra pra decriptar. Mas a sacada dela é que tanto pra encriptar como pra decriptar, voçe precisa passar uma password phrase. Ou seja, somente sera decriptada uma string se a password phrase passada for a mesma que foi encriptada. 🙂

Mas vamos ao que interessa :

Tenho um txt com todos os meu servidores..digamos R2D2 e R2D2\SQLServer2008

Digamos que eu queria usar a invoke-dbmaint  (post abaixo) para fazer um checkdb em todos os servidores no meu txt.

 

Normalmente a gente criaria o txt assim :
R2D2
R2D2\SQLServer2008
 

mas no caso, vamos passar também o username a senha..algo como

R2D2,username,senha
R2D2\SQLServer2008,username,senha
 

Intaum primeiramente precisamos encriptar este txt :

 

   1:  
   2:  $ServerName = "R2D2"
   3:  $UserName = "Login1"
   4:  $Password = "Senha1"
   5:  $PasswordToEncrypt = "YourPassword"
   6:  $UserNameEncrypt = Write-EncryptedString -inputstring $UserName -Password $PasswordToEncrypt 
   7:  $PasswordEncrypt = Write-EncryptedString -inputstring $Password -Password $PasswordToEncrypt 
   8:   "$($Servername),$($UserNameEncrypt),$($PasswordEncrypt)" | Out-File c:\temp\securePassword.txt -Append
   9:  
  10:  $ServerName = "R2D2\SQLServer2008"
  11:  $UserName = "Login2"
  12:  $Password = "senha2"
  13:  $PasswordToEncrypt = "YourPassword"
  14:  $UserNameEncrypt = Write-EncryptedString -inputstring $UserName -Password $PasswordToEncrypt 
  15:  $PasswordEncrypt = Write-EncryptedString -inputstring $Password -Password $PasswordToEncrypt 
  16:  "$($Servername),$($UserNameEncrypt),$($PasswordEncrypt)" | Out-File c:\temp\securePassword.txt -Append

E o txt ficaria assim :

image

Com o username e senha encriptados..

Bom agora é somente “splitar”, decriptar e be happy 🙂

   1: Get-Content c:\temp\securePassword.txt | foreach { 
   2:     [array] $Split = ($_).split(",")
   3:    Invoke-DBMaint -server  $($Split[0]) -UserName (Read-EncryptedString -InputString $Split[1] -password "YourPassword" ) -Password (Read-EncryptedString -InputString $Split[2] -password "YourPassword" )  -Databases "SYSTEM" -Action "CHECK_DB"  -ReportOn c:\Temp
   4: }

 

Dont worry..Be happy with Powershell adn SQLPSX 🙂

POWERSHELL ROCKS !!!!

“I’m rolling thunder, pouring rain
I’m coming on like a hurricane
My lightning’s flashing across the sky
You’re only young but you’re gonna die
I won’t take no prisoners won’t spare no lives
Nobody’s putting up a fight
I got my bell I’m gonna take you to hell
I’m gonna get ya, satan get ya

Hells bells
Hells bells, you got me ringing
Hells bells, my temperature’s high
Hells bells”

Hells Bells

AC/DC

About Laerte Junior

Laerte Junior Laerte Junior is a SQL Server specialist and an active member of WW SQL Server and the Windows PowerShell community. He also is a huge Star Wars fan (yes, he has the Darth Vader´s Helmet with the voice changer). He has a passion for DC comics and living the simple life. "May The Force be with all of us"
This entry was posted in Algo que Esqueci de Categorizar. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s