This object does expose a property called Password which is of type SecureString. Also you could request it through well known authentication dialog and retrieve the above mentioned PSCredential object. This is a indicated way of retrieving sensitive data if user interaction is required. $securePassword = Read-Host "Please enter the password" -AsSecureString You can achieve that in the following way. With Force parameter you just confirm that you understand the implications of using the AsPlainText parameter and still want to use it.Īnother way of creating a SecureString is to interactively prompt a user for information. Be aware that you need to set two parameters in order to process your plain string correctly, and those are AsPlainText and Force.ĪsPlainText indicates that you are providing a plain text as the input and that variable is not protected. ![]() $securePassword = ConvertTo-SecureString –String $password -AsPlainText -ForceĬonvertTo-SecureString will do just that. Luckily this is a trivial task since we have a cmdlet that can help us with that. This implies that you need to transform your string to a SecureString. If you are constructing your object instance you need to provide a SecureString for the password argument in the constructor of just mentioned class. I will describe a couple of “tricks” that can be useful meanwhile working with SecureString objects. If you ever needed to supply a credential object, at example to the Invoke-RestMethod cmdlet, then you for sure came across a SecureString. ![]() If your SMTP server requires it, you can also add -UseSsl to Send-MailMessage.Ĭaveat: If you use DPAPI, the encrypted password file can only be decrypted on the machine that it was encrypted on.Īlso see the later post about how to send email via Yahoo Mail from PowerShell, including how to use a plain text password.It is quite common to get across SecureString type in PowerShell. Send-MailMessage -From $MailFrom -To $MailTo -Subject $MailSubject -Body $MailBody -Port $SMTPPort -Credential $EmailCredential $MailBody = "Here's the details about the interesting thing" $MailTo = "Something interesting just happened" $EmailCredential = New-Object -TypeName -ArgumentList $SMTPUsername,$SecureStringPassword $SMTPUsername = Get-Content -Path $EncryptedPasswordFile | ConvertTo-SecureString Send-MailMessage -From -To -Subject "Something interesting just happened" -Body "Here's the details about the interesting thing" -SmtpServer -Port 587 -Credential (New-Object -TypeName -ArgumentList -Path | ConvertTo-SecureString))īut to make it easier to interpret, here’s the same thing broken down with variables: So now shove the whole lot together, on one line (because we can, and bigger is better, right?): ![]() New-Object -TypeName -ArgumentList -Path | ConvertTo-SecureString) So now we have the password in a file, and can use this to create a PSCredential object: You can also use 128, 192 or 256-bit AES encryption. We then pass this to ConvertFrom-SecureString which takes that object and spits it out as text, encrypted with Windows Data Protection API (DPAPI). How does this work? Read-Host prompts for text, because we’ve used the -AsSecureString switch it returns the text entered as a object. Now you’ve got a text file with an encrypted password in it. Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File -FilePath the above, enter the password (which will be obscured with asterisks as you type it), and hit. So the clever way to do this is to create yourself an encrypted password file. Thus Get-Credential, in the form used above, will create the right kind of object that you can feed into Send-MailMessage, but it does it in the wrong kind of way – via a pop up a box for you to type your password into, which isn’t that handy for use in unattended scripting. Get-Credential -Message "Cough up" -Username "your_username"īut Get-Credential doesn’t have an option to accept the password as plain text, and storing a password as plain text is bad practice anyway. You can use Get-Credential to generate one of these: ![]() Sure, Send-MailMessage has a -Credentials options, but these need to be in the form of a object. However, what if you don’t have your own internal mailserver, and the only one available needs credentials? Many ISPs require authenticated SMTP now. You can even omit the -SmtpServer bit if you’ve previously set the $PSEmailServer preference variable. Send-MailMessage -From -To -Subject "Something interesting just happened" -Body "Here's the details about the interesting thing" -SmtpServer .uk You just need an SMTP server, and use Send-MailMessage: Email is a good way to send notifications from your PowerShell scripts, and it’s super easy.
0 Comments
Leave a Reply. |