VMware PowerCLI
The Best User Interface for your VMware Datacenter!
The Best User Interface for your VMware Datacenter!
The Best User Interface for your VMware Datacenter!
The CredentialStoreItem cmdlets, in their current implementation, use the DPAPI methods to encrypt/decrypt, and store the data in a local XML file.
The DPAPI is the reason these cmdlets are not supported on PS Core.
This proposal suggests providing the possibility to use any Credential Store solution to store and retrieve credentials.
This could be implemented by asking the user to provide basic CRUD functionality to access his Credential Store solution of choice. This functions could even be provided as code-block parameters on the CredentialStoreItem cmdlets.
If none are provided, the cmdlets can eventually fall back on their current solution.
Luc Dekens
How and where these hooks are provided is completely your choice.
Several of the old 'Guest' cmdlets used scripts in a specific folder, but that is just one option.
Securing such hooks is another chapter, which I'm sure the excellent PowerCLI Devs can tackle.
The calling cmdlet could, for example, insist that these blocks are signed.
Attachments Open full size
So, a PowerCLI configuration parameter to set a script or code block for handling storage of secrets?
Attachments Open full size