Skip to content

Instantly share code, notes, and snippets.

@infamousjoeg

infamousjoeg/protectCredential.ps1

Last active February 5, 2020 17:58
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save infamousjoeg/1415ea69f7583ed4837b013ee48f6320 to your computer and use it in GitHub Desktop.
Save infamousjoeg/1415ea69f7583ed4837b013ee48f6320 to your computer and use it in GitHub Desktop.
Download ZIP
Protecting Credentials Retrieved using @cyberark AAM Credential Providers in PowerShell Scripts [Recommended Best Practice]
Raw
protectCredential.ps1
# Import the modules to be used
Import-Module psPAS # https://github.com/pspete/psPAS
Import-Module CredentialRetriever # https://github.com/pspete/CredentialRetriever
# Before login, we'll request the credentials from AAM and immediately pass the PSCredential object for secure login
New-PASSession -BaseURI https://pvwa.joegarcia.dev -Credential $(Get-CCPCredential -URL https://pvwa.joegarcia.dev -AppID ApplicationID -Safe SafeName -UserName ServiceManagerUser).ToCredential() -type LDAP
# Do stuff here...
# Finally,
Close-PASSession
Raw
readyForDeployment.md

Prior to Deployment

You will want to be sure to protect the source code of the script by creating an executable out of it.

This will prevent someone from being able to step through the code in debug.

I recommend using PS2EXE-GUI from TechNet to further obfuscate the source code and modifications to it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment