I want to use a common password stored in our RDM DB in a PowerShell script, but I don't want the person executing the script to know the password.
The documentation I've seen thus far indicated the credential must be flagged to view the password. Am I missing something?
If I'm indeed correct, maybe it should be a Feature Request for a PS Function to be created that can retrieve the Credential from RDM and return it to the user as a SecureString variable. This would allow for use/reuse by the user without knowing it.
$secrecredential = "PasswordFromRDMGoesHere" | ConvertTo-SecureString -AsPlainText -Force
Of course, you should probably log this separately in the session logs since once it's in a variable it could be 're-used' multiple times within a session with only 1 logged action of it being used.
I think that I have an idea on how we could add this in a PowerShell entry type. I'm not sure if it will work but we will try it.
There is a security issue with creating a command in PowerShell that returns the password as a secure string to a user who shouldn't be able to view the password, because there are ways to convert the secure string variable to a string and view the password.
Here's a way:
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($secureString)
$result = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)