保存凭据以供 powershell 重用和错误 ConvertTo-SecureString : Key not valid for use in specified state [英] Saving credentials for reuse by powershell and error ConvertTo-SecureString : Key not valid for use in specified state
问题描述
我正在做类似这篇文章中描述的事情来将凭据保存在安全文件中,以便我们的自动化过程可以使用它通过调用命令运行远程 PS 脚本:http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx
I was doing something like described in this post to save credentials in a secured file so our automated process can use that to run remote PS scripts via Invoke-command: http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx
当我在我的帐户下运行它时效果很好 - 从加密文件中读取密码,传递给 Invoke-command 并且一切正常.
This works great when I run this under my account - password is read from encrypted file, passed to Invoke-command and everything is fine.
今天,当我的脚本准备好迎接它的黄金时间时,我尝试在自动进程将使用的 Windows 帐户下运行它,并在我的脚本尝试从文件中读取安全密码时出现以下错误:
Today, when my script was ready for its prime time, I tried to run it under windows account that will be used by automated process and got this error below while my script was trying to read secured password from a file:
ConvertTo-SecureString : Key not valid for use in specified state.
At \remotedscript.ps1:210 char:87
+ $password = get-content $PathToFolderWithCredentialspass.txt | convertto-sec
urestring <<<<
+ CategoryInfo : InvalidArgument: (:) [ConvertTo-SecureString], C
ryptographicException
+ FullyQualifiedErrorId : ImportSecureString_InvalidArgument_Cryptographic
Error,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand
让我的同事在他的帐户下运行,他得到了同样的错误.
Asked my workmate to run under his account and he got the same error.
这是我用来保存凭据的代码:
This is the code I am using to save credentials:
$PathToFolderWithCredentials = "\path
emoved"
write-host "Enter login as domainlogin:"
read-host | out-file $PathToFolderWithCredentialslogin.txt
write-host "Enter password:"
read-host -assecurestring | convertfrom-securestring | out-file $PathToFolderWithCredentialspass.txt
write-host "*** Credentials have been saved to $pathtofolder ***"
这是脚本中的代码,由自动化进程运行以读取它们以在调用命令中使用:
This is the code in the script to run by automated process to read them to use in Invoke-command:
$login= get-content $PathToFolderWithCredentialslogin.txt
$password = get-content $PathToFolderWithCredentialspass.txt | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $login,$password
错误发生在行 $password = get-content $PathToFolderWithCredentialspass.txt |转换为安全字符串
Error happens on line $password = get-content $PathToFolderWithCredentialspass.txt | convertto-securestring
有什么想法吗?
推荐答案
ConvertFrom-SecureString
采用 Key
(和 SecureKey
)参数.您可以指定密钥来保存加密的标准字符串,然后在 ConvertTo-SecureString
中再次使用该密钥来取回安全字符串,而不管用户帐户如何.
ConvertFrom-SecureString
takes a Key
( and SecureKey
) parameter. You can specify the key to save the encrypted standard string and then use the key again in ConvertTo-SecureString
to get back the secure string, irrespective of the user account.
http://technet.microsoft.com/en-us/library/dd315356.aspx
在一个项目中,我实现了非对称加密,人们使用公钥加密密码,自动化过程有私钥来解密密码:在生产配置中处理密码以进行自动化部署
In a project, I have implemented asymmetric encryption, whereby people encrypt the password using the public key and the automation process has the private key to decrypt passwords: Handling passwords in production config for automated deployment
这篇关于保存凭据以供 powershell 重用和错误 ConvertTo-SecureString : Key not valid for use in specified state的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!