User credentials for Azure virtual machine management best Practices

Source: Internet
Author: User

Remember the old cat. In a script that remotely manages a blog post for a virtual machine in Azure through PowerShell, each virtual machine access needs to be get-credential interactively to obtain user credentials for access, but this is a way to interact with the user every time. If a script that runs repeatedly is obviously not a good way to do so, it is a best practice to encrypt the user's credentials for reuse. Of course now the international version of Azure provided in the Automation Services feature contains the asset can safely retain credentials for automated script calls, because the current domestic azure service does not have this feature, so temporarily can only press the table is not, of course, if only this article is ended, This article describes a method that can be used to refer to the Automation service before it arrives.


Since this method uses the process of encrypting and decrypting through certificates, it is necessary to decrypt the certificate private key in the management client and encrypt the certificate public key; If you do not know the self-signed certificate, you can refer to the method of creating a self-signed certificate through the MakeCert tool. In this way, you can safely obtain user credentials for encrypted files that are saved in this way as long as the management node or the virtual machine in Azure has the corresponding certificate private key.


The certificate public key is encrypted and persisted to the Mypassword.txt of the current user's environment through the BASE64 format.

$cert = Get-childitem Cert:\localmachine\my\[certificate thumbprint] $bytes = [Text.encoding]::utf8. GetBytes ("Putyourpasswordhere") $encrypt = $cert. PublicKey.Key.Encrypt ($bytes, $true) $base = [Convert]::tobase64string ($encrypt) set-content $HOME \myencrptpwd.txt $base 64


In the corresponding installation certificate, the private key node obtains the user credentials used to run the script:

$cert = Get-childitem Cert:\localmachine\my\[certificate thumbprint] $base = get-content $HOME \myencrptpwd.txt$ encrypt = [Convert]::frombase64string ($base) $bytes = $cert. Privatekey.decrypt ($encrypt, $true) $password = [Text.encoding]::utf8. GetString ($bytes)


User credentials for Azure virtual machine management best Practices

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.