FieldNote: Secure password in file?

Sometimes you must store a password for an account in a PowerShell script file. One option is to leverage the ConvertTo-SecureString cmdlet. By running this cmdlet on a machine, with a specific password, a secure string is generated. You put that value into your file, and then you can run ConvertFrom-SecureString to run the script securely.
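An added example, not code from the original post: the round trip on Windows, where ConvertFrom-SecureString produces the encrypted text that goes into the file and ConvertTo-SecureString turns it back into a SecureString at run time. The function names, the user name and the file path are hypothetical; Test-ProtectedString checks whether a stored value really is such an encrypted string, which a literal like '********' is not.

```powershell
# Added example. Assumes PowerShell on Windows, where the string is DPAPI-protected.
# Function names, user name and file path are hypothetical.

function Save-ProtectedPassword {
    param([Parameter(Mandatory)] [string] $Path)
    # Prompt so the plaintext never lands in the script or in command history.
    $secure = Read-Host -Prompt 'Password' -AsSecureString
    # Without -Key/-SecureKey the output is encrypted with DPAPI, so only the
    # same user on the same machine can turn it back into a SecureString.
    $secure | ConvertFrom-SecureString | Set-Content -Path $Path
}

function Get-ProtectedCredential {
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [string] $Path
    )
    # Fails if the file was created by another user or on another machine.
    $secure = Get-Content -Path $Path | ConvertTo-SecureString -ErrorAction Stop
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}

function Test-ProtectedString {
    param([Parameter(Mandatory)] [string] $Value)
    # A value is only "protected" if ConvertTo-SecureString can decrypt it.
    # Plain text, masked-looking or not, makes the cmdlet throw.
    try {
        $null = ConvertTo-SecureString -String $Value -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

# Usage (constructed sample values):
$file = Join-Path $env:TEMP 'svc-account.txt'
Save-ProtectedPassword -Path $file
$cred = Get-ProtectedCredential -UserName 'CONTOSO\svc-account' -Path $file

Test-ProtectedString -Value (Get-Content -Path $file)
Test-ProtectedString -Value '********'
```

Because the protection is tied to the user and machine that created the file, the script has to run under that same account on that same machine, and anyone who can run code as that account can recover the password.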

However, I ran into another option someone used. The engineer saved a password in the file and it appeared as ‘********’. How did the engineer hide the password? They didn’t! The password was ********. ‘Security by Obscurity’? I guess. Nevertheless, the average person looking at this file may assume that the password was encrypted and therefore could not be deciphered.

So there you go, a password value that looks secure. Another note from the field. You can’t make this stuff up!