Server Automation Practitioners Forum
Showing results for 
Search instead for 
Do you mean 

embedding passwords in scripts? Is there a better way?

Occasional Contributor

embedding passwords in scripts? Is there a better way?

There are several scenarios where I need to execute a script that requires a password to an external system.  Is there a recommended best practice for doing this?

 

The current need is to join a windows computer to the domain, which is very common.  But, there are other scenarios where credentials are needed.

 

If this is covered in the documentation somewhere I missed it.  I have tried to use the powershell PSCredential object to store encrypted credentials with mixed results.

 

Any help would be appreciated!

 

thanks!

 

-james

 

2 REPLIES
Highlighted
Occasional Contributor

Re: embedding passwords in scripts? Is there a better way?

We decided that securing the folder the script lives in inside of HP-SA is sufficient for scripts that require stored credentials.  We'll limit exposure by using credentials that only have the priviliges needed for the task at hand.

 

However, a follow up question specific to joining a windows machine to a domain.  I have two powershell scripts to do this, the first one renames the system and reboots.  The second script joins the system to the domain and reboots.  The problem is that HPSA seems to execute the second script before the first one completes.  The error I get from the second script is that it failed to run because the system is shutting down.  Clearly undesirable.

 

But, how do I tell HP-SA that a script is going to reboot the server and the next script should delay execution?

 

thanks,

 

-james

 

Occasional Contributor

Re: embedding passwords in scripts? Is there a better way?

Ok, to answer my own question.  The script that needs the server to be restarted needs to print a specific string back to HP-SA to indicate a forced reboot.  For powershell it looks like this:

 

write-host "OPSW_FORCE_REBOOT";
Restart-Computer;