Remember the old cat. In a script that remotely manages virtual machines in Azure through PowerShell, each virtual machine access calls Get-Credential interactively to obtain the user's credentials, which means prompting the user every time. For a script that runs repeatedly this is obviously not a good approach; the best practice is to encrypt the user's credentials so they can be reused. The Automation service in the international version of Azure now includes an Assets feature that can safely retain credentials for automated script calls, but the current domestic Azure service does not have this feature, so that option has to be set aside for now. If that were the whole story, this article would end here. Instead, it describes a method you can use until the Automation service arrives.
This method encrypts and decrypts with a certificate: the certificate's public key is used to encrypt, and the management client needs the certificate's private key to decrypt. If you are not familiar with self-signed certificates, refer to the method of creating a self-signed certificate with the MakeCert tool. As long as the management node or the virtual machine in Azure holds the corresponding certificate private key, it can safely recover the user credentials from a file encrypted this way.
Encrypt the password with the certificate's public key and persist the result in Base64 format to Mypassword.txt in the current user's home directory (the script writes it to $HOME\myencrptpwd.txt):
# Load the certificate; only its public key is needed to encrypt
$cert = Get-ChildItem Cert:\LocalMachine\My\[certificate thumbprint]
$bytes = [Text.Encoding]::UTF8.GetBytes("Putyourpasswordhere")
# $true selects OAEP padding
$encrypt = $cert.PublicKey.Key.Encrypt($bytes, $true)
$base64 = [Convert]::ToBase64String($encrypt)
Set-Content $HOME\myencrptpwd.txt $base64
On the node where the corresponding certificate is installed together with its private key, obtain the user credentials used to run the script:
# Load the certificate; the private key must be present on this node
$cert = Get-ChildItem Cert:\LocalMachine\My\[certificate thumbprint]
$base64 = Get-Content $HOME\myencrptpwd.txt
$encrypt = [Convert]::FromBase64String($base64)
# $true selects OAEP padding, matching the encryption step
$bytes = $cert.PrivateKey.Decrypt($encrypt, $true)
$password = [Text.Encoding]::UTF8.GetString($bytes)
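An added example, not code from the original article: the same certificate round trip wrapped so that the script receives a PSCredential (the object Get-Credential would return) rather than a plaintext string, with the password captured once interactively instead of being typed into the script. The function names, the user name placeholder and the use of GetRSAPublicKey/GetRSAPrivateKey (which assumes .NET Framework 4.6 or later) are assumptions of this example.

```powershell
# Added example (not the article's code). Function names are hypothetical.
# OaepSHA1 is the padding the article's Encrypt($bytes, $true) selects.
$Oaep   = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA1
$RsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

function Save-EncryptedCredential {
    param([string]$Thumbprint, [pscredential]$Credential, [string]$Path)
    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $rsa  = $RsaExt::GetRSAPublicKey($cert)
    if (-not $rsa) { throw "Certificate $Thumbprint does not carry an RSA key." }
    $bytes = [Text.Encoding]::UTF8.GetBytes($Credential.GetNetworkCredential().Password)
    try {
        $cipher = $rsa.Encrypt($bytes, $Oaep)
        Set-Content -Path $Path -Value ([Convert]::ToBase64String($cipher))
    } finally {
        [Array]::Clear($bytes, 0, $bytes.Length)   # wipe the plaintext buffer
    }
}

function Get-StoredCredential {
    param([string]$Thumbprint, [string]$UserName, [string]$Path)
    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    # Fail early with a clear message when this node cannot decrypt.
    if (-not $cert.HasPrivateKey) { throw "No private key for $Thumbprint on this node." }
    $rsa = $RsaExt::GetRSAPrivateKey($cert)
    if (-not $rsa) { throw "Private key for $Thumbprint is not an RSA key." }
    $cipher = [Convert]::FromBase64String((Get-Content -Path $Path -Raw).Trim())
    $bytes  = $rsa.Decrypt($cipher, $Oaep)
    $chars  = [Text.Encoding]::UTF8.GetChars($bytes)
    $secure = New-Object System.Security.SecureString
    try {
        # Build the SecureString character by character; no plaintext [string] is created.
        foreach ($c in $chars) { $secure.AppendChar($c) }
    } finally {
        [Array]::Clear($bytes, 0, $bytes.Length)
        [Array]::Clear($chars, 0, $chars.Length)
    }
    $secure.MakeReadOnly()
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}

# One-time, interactive: capture the credential and encrypt its password.
# Save-EncryptedCredential -Thumbprint '<certificate thumbprint>' -Credential (Get-Credential) -Path "$HOME\myencrptpwd.txt"
# Every unattended run: rebuild the credential without a prompt.
# $cred = Get-StoredCredential -Thumbprint '<certificate thumbprint>' -UserName '<user name>' -Path "$HOME\myencrptpwd.txt"
```

The account running the script needs read access to the certificate's private key, which for keys in the LocalMachine store is limited by default to Administrators and SYSTEM. With a 2048-bit RSA key and OAEP-SHA1 the plaintext is limited to 214 bytes, which is ample for a password.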
Best practices for user credentials in Azure virtual machine management