保存凭据以通过Powershell进行重用,并出现错误ConvertTo-SecureString:密钥在指定状态下无效 [英] Saving credentials for reuse by powershell and error ConvertTo-SecureString : Key not valid for use in specified state
问题描述
我正在按照本文中的描述进行操作,以将凭据保存在安全文件中,以便我们的自动化过程可以通过Invoke命令使用它来运行远程PS脚本:
http://blogs.technet.com/b /robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx
I was doing something like described in this post to save credentials in a secured file so our automated process can use that to run remote PS scripts via Invoke-command: http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx
当我在我的帐户下运行此命令-从加密文件中读取密码,将其传递给Invoke-command,一切正常。
This works great when I run this under my account - password is read from encrypted file, passed to Invoke-command and everything is fine.
今天,当我的脚本准备就绪时,我尝试在Windows帐户下运行该帐户,该帐户将由自动化过程使用,并且在我的脚本尝试从文件读取安全密码时出现以下错误:
Today, when my script was ready for its prime time, I tried to run it under windows account that will be used by automated process and got this error below while my script was trying to read secured password from a file:
ConvertTo-SecureString : Key not valid for use in specified state.
At \\remoted\script.ps1:210 char:87
+ $password = get-content $PathToFolderWithCredentials\pass.txt | convertto-sec
urestring <<<<
+ CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString], C
ryptographicException
+ FullyQualifiedErrorId : ImportSecureString_InvalidArgument_Cryptographic
Error,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand
要求我的同事在他的帐户下运行,他遇到了同样的错误。
Asked my workmate to run under his account and he got the same error.
这是我用来保存凭据的代码:
This is the code I am using to save credentials:
$PathToFolderWithCredentials = "\\path\removed"
write-host "Enter login as domain\login:"
read-host | out-file $PathToFolderWithCredentials\login.txt
write-host "Enter password:"
read-host -assecurestring | convertfrom-securestring | out-file $PathToFolderWithCredentials\pass.txt
write-host "*** Credentials have been saved to $pathtofolder ***"
这是脚本中的代码,该代码由自动化过程运行以读取它们以供调用命令使用:
This is the code in the script to run by automated process to read them to use in Invoke-command:
$login= get-content $PathToFolderWithCredentials\login.txt
$password = get-content $PathToFolderWithCredentials\pass.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $login,$password
错误发生在$ password = get-content $ PathToFolderWithCredentials\pass.txt | convertto-securestring
Error happens on line $password = get-content $PathToFolderWithCredentials\pass.txt | convertto-securestring
有什么想法吗?
推荐答案
ConvertFrom-SecureString 使用一个 Key (和 SecureKey )参数。您可以指定密钥以保存加密的标准字符串,然后在 ConvertTo-SecureString 中再次使用该密钥,以获取安全字符串,而与用户帐户无关。
ConvertFrom-SecureString takes a Key ( and SecureKey) parameter. You can specify the key to save the encrypted standard string and then use the key again in ConvertTo-SecureString to get back the secure string, irrespective of the user account.
http://technet.microsoft .com / en-us / library / dd315356.aspx
在一个项目中,我实现了非对称加密,即人们使用公钥对密码进行加密并且自动化过程具有专用密钥来解密密码:在生产配置中处理密码以进行自动部署
In a project, I have implemented asymmetric encryption, whereby people encrypt the password using the public key and the automation process has the private key to decrypt passwords: Handling passwords in production config for automated deployment
这篇关于保存凭据以通过Powershell进行重用,并出现错误ConvertTo-SecureString:密钥在指定状态下无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
