Invoke-sqlcmd using a Connection String with Secrets

(anonymous user)
Product: PowerShell Universal
Version: 5.6.4


I built out a Connection String that references a number of Secrets, and am passing that into an Invoke-sqlcmd, e.g.:

Invoke-Sqlcmd -Query $Query -ConnectionString $ConnectionString -As DataSet

The odd thing is my API reports back that auth to the SQL server failed for the user the PSU Service is running as:

Login failed for user ‘DOMAIN\ServiceUser’.
at Invoke-SqlQuery, : line 30

It’s like it ignored the User ID & Password sections of my Connection String. I checked the SQL Server to see, and sure enough… it’s attempting the PSU Service account as the User instead of the one in the CS. Why would the catch list the PSU Service user, and not the one parsed from the CS?

The user/pass are stored as a Secret PSCred, and I reference it in the ConnectionString like:

Password=$($Secret:SQLUSER.Password)

Thanks!

All Comments (1)

It probably depends on which vault your credentials are located in.
Maybe this could be the problem:

Product: PowerShell Universal Version: 5.0.16 I have a secret variable defined in the vault database. I have verified that I can access it from a script using the code: Write-Output $Secret:MysecretVariable But when I try to get the value from an API Endpoint it always returns empty. I am using an API token for authentication and have tried to give the API token and Identity all roles but still no luck. I can see that $ClaimsPrincipal contains the role that has access to the secret variable. I tried …
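
An added example, not code from either poster: one way to build the connection string from a PSCredential secret so that an unresolved secret (the possibility the comment raises) stops the script instead of yielding a connection string with blank credentials. The function name, server and database names and the sample credential are assumptions; in PSU the credential would come from $Secret:SQLUSER.

```powershell
# Added example. New-SqlAuthConnectionString, the server and the database are hypothetical names.
# Assumes System.Data.SqlClient is loadable in the PowerShell host.
function New-SqlAuthConnectionString {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $Database,
        [AllowNull()] [object] $Credential
    )
    # Fail closed if the secret did not resolve in this runspace (null or wrong type).
    if ($Credential -isnot [System.Management.Automation.PSCredential]) {
        throw 'SQL credential secret is empty or not a PSCredential.'
    }
    # PSCredential.Password is a SecureString; GetNetworkCredential() exposes the plain text.
    $plain = $Credential.GetNetworkCredential().Password
    if ([string]::IsNullOrEmpty($Credential.UserName) -or [string]::IsNullOrEmpty($plain)) {
        throw 'SQL credential secret has an empty user name or password.'
    }
    # The builder quotes values containing ';' or '=' so they cannot split the string.
    # Keys are set through the indexer using the documented connection string keywords.
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $builder['Data Source']         = $Server
    $builder['Initial Catalog']     = $Database
    $builder['Integrated Security'] = $false   # SQL authentication, not the process identity
    $builder['User ID']             = $Credential.UserName
    $builder['Password']            = $plain
    return $builder.ToString()
}

# Constructed sample credential standing in for $Secret:SQLUSER.
$securePw = ConvertTo-SecureString 'p@ss;word' -AsPlainText -Force
$cred     = New-Object System.Management.Automation.PSCredential ('sqluser', $securePw)

# Interpolating .Password directly inserts the SecureString type name, not the password.
$naive = "Password=$($cred.Password)"
if ($naive -match 'System\.Security\.SecureString') {
    Write-Warning 'Interpolated .Password is the SecureString type name.'
}

$cs = New-SqlAuthConnectionString -Server 'sql01.example.test' -Database 'AppDb' -Credential $cred
Write-Output "Built connection string for SQL login '$($cred.UserName)'."
# Invoke-Sqlcmd -Query $Query -ConnectionString $cs -As DataSet

# Unresolved secret: the function throws instead of building a string with blank credentials.
try {
    New-SqlAuthConnectionString -Server 'sql01.example.test' -Database 'AppDb' -Credential $null
} catch {
    Write-Warning $_.Exception.Message
}
```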