Powershell, Custom Credentials, and password help
Is there a way to create a custom credential entry, and write some powershell commands to return my personal credential password?
I have tried to do the following:
$myCredential = Get-RDMPersonalCredentials
$userName = $myCredential.Credentials.UserName
$domain = $myCredential.Credentials.Domain
$password = $myCredential.Credentials.SafePassword
The problem is, the contents of Credentials.SafePassword is NOT my password. It appears to be an encrypted form of my password. 
How do I return my actual personal credential password?
Another issue. I am trying to put this in a Custom Credential Enty. These commands only seems to work in powershell. When I enter this code in a custom credential entry, I get an error:
Code:
$myCredential = Get-RDMPersonalCredentials;
$userName = $myCredential.Credentials.UserName;
$domain = $myCredential.Credentials.Domain;
$password = $myCredential.Credentials.SafePassword;
$Result.Username = $userName;
$Result.Domain = $domain;
$Result.Password = $password;
I have also tried putting the commands in quotes likes this:
$myCredential = "Get-RDMPersonalCredentials";
$userName = "$myCredential.Credentials.UserName";
$domain = "$myCredential.Credentials.Domain";
$password = "$myCredential.Credentials.SafePassword";
$Result.Username = "$userName";
$Result.Domain = "$domain";
$Result.Password = "$password";
I am not getting any errors, by what returns in my clipboard is this:
Copy Username -> Get-RDMPersonalCredentials.Credentials.UserName
Copy Password ->Get-RDMPersonalCredentials.Credentials.SafePassword
All Comments (4)
Hello,
You can always assume that properties starting with "Safe" are encrypted. To obtain the plain text of the password, you must use the command Get-RDMSessionPassword (or Get-RDMPrivateSessionPassword for entries in the personal vault). However, it does not worked as intended with the personal credentials. It will be investigated, but for the moment, you can set the ID as below as a workaround.
$myCredential = Get-RDMPersonalCredentials $userName = $myCredential.Credentials.UserName $domain = $myCredential.Credentials.Domain $myCredential.ID = "9F3C3BCF-068A-4927-B996-CA52154CAE3B" $password = Get-RDMSessionPassword $myCredential -AsPlainText
For the Custom Credential Entry, I will take a look to see if I can reproduce your problem.
Thanks for your response. I am hoping you can clarify two things.
1) The GUID you show in your example. I am guessing that is specific to you? Mine is different:
2) I am getting a warning when I run the Get-RDMSessionPassword command:
The value of the $password variable is null
The description in the help section for this command says this:
DESCRIPTION
Get the password from the specified session. Session must be marked as "Allow show credentials" if not null is
returned.
How do specify the session? Also, I tried adding -ID to the command and I am still getting the same warning:
I feel like I am missing something here related to the -Session switch
1) The GUID that I set is the workaround mentionned in the previous post. It is used to flag the session as MyPersonalCredentials to force the Get-RDMSessionPassword cmdlet to resolve the password.
2) There is two way to identify the session:
- ID: With the GUID, it will search the session based on its ID. However, the personal credentials won't be found because it is stored elsewhere. That is why you obtained "Connection not found".
- Session: A PSConnection object obtained from Get-RDMSession or Get-RDMPersonalCredentials. It is the one to use in this case.
To obtain the password, try with this:
$myCredential.ID = "9F3C3BCF-068A-4927-B996-CA52154CAE3B" $password = Get-RDMSessionPassword -Session $myCredential -AsPlainText
The first line is the workaround. The second use the -Session parameter.
Hi,
With version 2022.3, due to release today, Get-RDMSessionPassword will be able to work with personal and privileged account.
In order to do so, you can use the new MyPrivilegedAccount and MyPersonalCredentials switch.
Regards
Jonathan Lafontaine