保存凭据以供 powershell 重用和错误 ConvertTo-SecureString : Key not valid for use in specified state [英] Saving credentials for reuse by powershell and error ConvertTo-SecureString : Key not valid for use in specified state

问题描述

我正在做类似这篇文章中描述的事情来将凭据保存在安全文件中，以便我们的自动化过程可以使用它通过调用命令运行远程 PS 脚本:http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx

I was doing something like described in this post to save credentials in a secured file so our automated process can use that to run remote PS scripts via Invoke-command: http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx

当我在我的帐户下运行它时效果很好 - 从加密文件中读取密码，传递给 Invoke-command 并且一切正常.

This works great when I run this under my account - password is read from encrypted file, passed to Invoke-command and everything is fine.

今天，当我的脚本准备好迎接它的黄金时间时，我尝试在自动进程将使用的 Windows 帐户下运行它，并在我的脚本尝试从文件中读取安全密码时出现以下错误:

Today, when my script was ready for its prime time, I tried to run it under windows account that will be used by automated process and got this error below while my script was trying to read secured password from a file:

ConvertTo-SecureString : Key not valid for use in specified state.
At \remotedscript.ps1:210 char:87
+ $password = get-content $PathToFolderWithCredentialspass.txt | convertto-sec
urestring <<<<
    + CategoryInfo          : InvalidArgument: (:) [ConvertTo-SecureString], C
   ryptographicException
    + FullyQualifiedErrorId : ImportSecureString_InvalidArgument_Cryptographic
   Error,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

让我的同事在他的帐户下运行，他得到了同样的错误.

Asked my workmate to run under his account and he got the same error.

这是我用来保存凭据的代码:

This is the code I am using to save credentials:

$PathToFolderWithCredentials = "\path
emoved"

write-host "Enter login as domainlogin:"
read-host | out-file $PathToFolderWithCredentialslogin.txt

write-host "Enter password:"
read-host -assecurestring | convertfrom-securestring | out-file $PathToFolderWithCredentialspass.txt

write-host "*** Credentials have been saved to $pathtofolder ***"

这是脚本中的代码，由自动化进程运行以读取它们以在调用命令中使用:

This is the code in the script to run by automated process to read them to use in Invoke-command:

$login= get-content $PathToFolderWithCredentialslogin.txt
$password = get-content $PathToFolderWithCredentialspass.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $login,$password

错误发生在行 $password = get-content $PathToFolderWithCredentialspass.txt |转换为安全字符串

Error happens on line $password = get-content $PathToFolderWithCredentialspass.txt | convertto-securestring

有什么想法吗?

推荐答案

ConvertFrom-SecureString 采用 Key(和 SecureKey)参数.您可以指定密钥来保存加密的标准字符串，然后在 ConvertTo-SecureString 中再次使用该密钥来取回安全字符串，而不管用户帐户如何.

ConvertFrom-SecureString takes a Key ( and SecureKey) parameter. You can specify the key to save the encrypted standard string and then use the key again in ConvertTo-SecureString to get back the secure string, irrespective of the user account.

http://technet.microsoft.com/en-us/library/dd315356.aspx

在一个项目中，我实现了非对称加密，人们使用公钥加密密码，自动化过程有私钥来解密密码:在生产配置中处理密码以进行自动化部署

In a project, I have implemented asymmetric encryption, whereby people encrypt the password using the public key and the automation process has the private key to decrypt passwords: Handling passwords in production config for automated deployment

这篇关于保存凭据以供 powershell 重用和错误 ConvertTo-SecureString : Key not valid for use in specified state的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！