DscWorkshop
Question about encrypted credentials
Hi,
Firstly... awesome work!!! Very informative, and VERY useful!!!
I did have a question regarding the credentials configuration seen in the various yaml configurations throughout the built result. They seem to be encrypted and I am having trouble understanding how this was done. Since I won't be working with the lab, and will be attempting to make use of this in conjunction with my project, I am looking to encrypt and configure the credentials in a way that merges with my requirements.
Could you help with an explanation, or maybe pointing me to the part of the full workshop that goes into this?
Example:
Credential: '[ENC=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]'
I would recommend using this repo as a template. The build scripts turned out to be most useful as many best practices and experience from the last year have been integrated.
The credentials are encrypted with a fixed pass phrase - not the best practice but quite flexible for the context of this workshop. The pass phrase is stored in the Datum.yml.
@nyanhp has described all this in more detail in DSC Configuration data encryption done right.
Here's the updated link to the blog post. The link above does not work. https://www.janhendrikpeters.de/en/post/dsc-configuration-data-encryption-done-right/
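
Added example (not part of the thread and not the project's own code): one way to produce a `[ENC=...]` value like the one asked about, using a pass phrase as described in the answer above. It assumes the Datum.ProtectedData module is installed and that its `Protect-Datum` and `Unprotect-Datum` commands accept the parameters shown; the account name is a constructed sample.

```powershell
# Assumption: Datum.ProtectedData is available (Install-Module Datum.ProtectedData).
Import-Module -Name Datum.ProtectedData

# Prompt for the pass phrase so it is not written into the script or history.
# It has to match the pass phrase configured in Datum.yml, otherwise the
# build cannot decrypt the value.
$passPhrase = Read-Host -Prompt 'Datum pass phrase' -AsSecureString

# Credential to store in the configuration data (constructed sample user name).
$credential = Get-Credential -UserName 'contoso\svc-dsc' -Message 'Credential to encrypt'

# Encrypt the PSCredential. A large -MaxLineLength keeps the blob on one line
# so it can be pasted as a single quoted YAML scalar.
$encrypted = Protect-Datum -InputObject $credential -Password $passPhrase -MaxLineLength 9999

# Line to paste into the node or role YAML file.
"Credential: '$encrypted'"

# Round trip: decrypt with the same pass phrase and compare before committing,
# so a mistyped pass phrase is caught here and not during the build.
$roundTrip = Unprotect-Datum -Base64Data $encrypted -Password $passPhrase
if ($roundTrip.UserName -ne $credential.UserName) {
    throw 'Decrypted credential does not match the original.'
}
```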