0

Hi I am trying to create Environment variable through Powershell that consist Password but I guess it needs to encrypted. But When i am trying with below code it's not working. But I need to encrypt it. Can it's possible to encrypt it and no one can see the password.

try {
    $sourceFile1 = "C:\vault\service_acct_pass.json"
    $RowValues = Get-Content $sourceFile1  | Select -skip 1 | select-string -pattern '---' -notmatch
    $RowValues = $RowValues -replace '\s{1,}',"`t" | out-file -filepath C:\vault\output.txt
    $sourceFile = "C:\vault\output.txt"
    $RowValues = Get-Content $sourceFile
    $Line = $RowValues.split("`t")
    $columnCount = (Import-Csv $sourceFile -Delimiter "`t" | get-member -type NoteProperty).count
    $myArray = @()
    for ($i=0; $i -lt $columnCount; $i++) {
        $myArray += $Line[$i]
    }
    $columnSource = import-csv $sourceFile -Delimiter "`t"
    foreach ($element in $myArray) {
    ConvertTo-SecureString "[System.Environment]::SetEnvironmentVariable($element,$columnSource.$element,[System.EnvironmentVariableTarget]::Machine)" -AsPlainText -Force
    }
    Remove-Item $sourceFile -Recurse
    }
catch {
  "Unforeseen Errors"
  $error[0]
}

Note: In the above code I am reading a file that is having key and password. When I am only using this line [System.Environment]::SetEnvironmentVariable($element,$columnSource.$element,[System.EnvironmentVariableTarget]::Machine) instead of ConvertTo-SecureString "[System.Environment]::SetEnvironmentVariable($element,$columnSource.$element,[System.EnvironmentVariableTarget]::Machine)" -AsPlainText -Force this its works fine and save the variables but it's visible to everyone.

Manish Parida
  • 53
  • 7
  • 2
    Your `ConvertTo-SecureString` line is actually doing exactly what you tells it to. The `[System.Environment]::SetEnvironmentVariable()` part is just interpreted as any text by ConvertTo-SecureString. First, I'm not sure why you would want this in an environment variable to begin with (and depending on how you are planning to use it, it might not even work) but you will have to convert the value in the desired variable (the one holding the password) rather than the class and method used to store the env var. – notjustme Apr 09 '20 at 07:59
  • Lets Ignore `ConvertTo-SecureString`. Any suggestion How we can convert the password in Environment variables to be encrypted. – Manish Parida Apr 09 '20 at 08:53
  • 4
    This seems like an [X-Y Problem](https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem) to me. What are you planning to do with password if you get it working? Perhaps there is a better solution than this to your actual problem. – boxdog Apr 09 '20 at 08:57
  • I'd rather you ignored using the env vars for whatever problem you are trying to solve. The problem isn't with `ConvertTo-SecureString`, it's how you are trying to use it. In order to demonstrate you could try running `Write-Output "Get-ChildItem -Path $PWD"` and compare it to running `Get-ChildItem -Path $PWD`. Same phenomenon. – notjustme Apr 09 '20 at 10:22
  • Maybe you should look into the [Credential Manager](https://stackoverflow.com/q/29103238/1701026) instead of environment variables – iRon Apr 09 '20 at 17:53
  • @boxdog , I have .net code running in the server which have hard-coded password in it, I want to to make it dynamically so that it can take value from Environments variable. – Manish Parida Apr 10 '20 at 05:54
  • @iRon : I don't think so the credential manager will work on this scenario. – Manish Parida Apr 10 '20 at 05:55
  • @notjustme : can you please elaborate more on the this scenario. – Manish Parida Apr 10 '20 at 05:57

0 Answers0