powershell - 对于VIServer和PowerCLI，如何仅在PowerShell中第一次提示输入凭据，然后存储凭据并将其用于下一次脚本运行？

Question

我希望能够使用PowerShell登录到VIServer，并在脚本首次运行时要求其提供凭据，然后将这些凭据保存在password.txt文件中，并让VIServer仅使用本地存储在本地的password.txt文件。用户的计算机(如果用户再次运行脚本)。痛苦的是，当用户要多次运行脚本时，凭据提示会不断弹出。

我可以使用从此处在Stackoverflow上发布的另一个答案的以下代码(链接:http://www.adminarsenal.com/admin-arsenal-blog/secure-password-with-powershell-encrypting-credentials-part-1)

它的工作原理是:

    Read-Host "Enter Password" -AsSecureString | ConvertFrom-SecureString |
               Out-File "G:\dev\Password.txt"

    $pass = Get-Content "G:\dev\Password.txt" | ConvertTo-SecureString

    $User = "MyUserName"
    $File = "G:\dev\Password.txt"
    $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential
                    -ArgumentList $User, (Get-Content $File | ConvertTo-SecureString)

我从vmware博客(链接: http://blogs.vmware.com/PowerCLI/2011/11/have-you-seen-powerclis-credential-store-feature.html)中找到了以下内容

这是vmware博客中的代码(有一些解释):

要使用凭据存储，请执行以下操作:

New-VICredentialStoreItem -Host 192.168.10.10 -User "Andrey" -Password "my favorite password"

现在，我可以输入:

Connect-VIServer 192.168.10.10

当我未指定用户名和/或密码时，Connect-VIServer会检查凭据存储，找到我新存储的凭据并使用它。

默认情况下，凭证存储文件存储在用户配置文件目录下。已加密。如果我对您感兴趣，请查看“help * VICredentialStoreItem”以获取详细信息。

-安德烈·阿纳斯塔索夫(Andrey Anastasov)，
PowerCLI架构师

=============现在我对VIServer的修改版本===========
$主机名= 192.168.10.10

New-VICredentialStoreItem -Host $Hostname -User $User -Password $pass

我在正确的轨道上吗？

我应该怎么做才能只键入一次凭证，然后只用脚本调用$ creds变量，而不必每次都键入凭证？

Answer 1

First Save the credential to disk, like this:

$credential = Get-Credential
$credential.Password | ConvertFrom-SecureString | Set-Content c:\temp\Cred.txt

Then Load it from the disk and create a $Credential Variable like this:

$username = "Domain\UserName"
$encrypted = Get-Content C:\Temp\Cred.txt | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PsCredential($username, $encrypted)

Then You can use a Function that receive the $credential input:

function Connect-vCenter
{
    Param (

    [Parameter(Mandatory = $True)]
    $vCenterServer, 
    [System.Management.Automation.PSCredential]$Credential
    )

    if ($Credential)
    {
        Add-PSSnapin VMware.VimAutomation.Core
        Connect-VIServer $vCenterServer -Credential $Credential
    }
    else
    {
        Add-PSSnapin VMware.VimAutomation.Core
        Connect-VIServer $vCenterServer
    }

}

To Run it:

Connect-vCenter -vCenterServer vCenter -Credential $Credential

Of Course only the user that encrypt the credential can use it, if you want however to encrypt it with different key (less secure) you can add -Key Parameter like this:

$Key = [Byte]1..16
$credential.Password | ConvertFrom-SecureString -Key $Key | Set-Content c:\temp\Cred.txt

要Decrpyt:

$encrypted = Get-Content C:\Temp\Cred.txt | ConvertTo-SecureString -Key $Key
$credential = New-Object System.Management.Automation.PsCredential($username, $encrypted)