<#
.SYNOPSIS
Encrypts and stores vCenter credentials using a shared encryption key.
.DESCRIPTION
This script prompts the user to enter vCenter credentials, encrypts the password using a predefined encryption key,
and saves the encrypted password along with the username to a specified file. This setup allows multiple administrators
or automated tasks to access shared credentials securely.
.AUTHOR
virtualox
.GITHUB_REPOSITORY
https://github.com/virtualox/VM-Balancer
.LICENSE
This script is licensed under the GPL-3.0 License. See the LICENSE file for more information.
.USAGE
.\Create-VCenterCredentials.ps1
.NOTES
- Ensure that the encryption key has been generated using Generate-EncryptionKey.ps1 before running this script.
- The encryption key path and credential storage path must match those used in Balance-VMs.ps1.
- Store the encrypted credentials file in a secure location with restricted access.
#>
# === Configuration Variables ===
# File holding the raw encryption key bytes written by Generate-EncryptionKey.ps1.
# Balance-VMs.ps1 reads the same file, so the two paths must agree.
$encryptionKeyPath = "C:\Secure\Credentials\encryptionKey.key"
# File that will receive the JSON document with the username and the encrypted password.
# Adjust to taste; Balance-VMs.ps1 must point at the same location.
$credentialPath = "C:\Secure\Credentials\vcCredentials.xml"
# === End of Configuration Variables ===
# Function to check if the encryption key exists
function Test-EncryptionKeyExists {
    <#
    .SYNOPSIS
    Reports whether something exists at the given path.
    .PARAMETER Path
    Path of the encryption key file to look for.
    .OUTPUTS
    [bool] The result of Test-Path for the path.
    #>
    param (
        [string]$Path
    )
    $found = Test-Path -Path $Path
    return $found
}
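# Function to encrypt and store credentials
function Encrypt-And-Store-Credentials {
    <#
    .SYNOPSIS
    Prompts for vCenter credentials and writes the username plus the key-encrypted password to a JSON file.
    .PARAMETER KeyPath
    Path of the file holding the raw encryption key bytes (16, 24 or 32 bytes).
    .PARAMETER CredPath
    Path of the JSON file to write; an existing file is overwritten.
    .OUTPUTS
    A status line on success. On any failure an error is written and the script exits with code 1.
    .NOTES
    The password is encrypted with the shared key, so every account that can read the key file
    can also decrypt the stored password; the key file needs the same protection as this file.
    #>
    param (
        [string]$KeyPath,
        [string]$CredPath
    )
    try {
        # Prompt user for vCenter credentials. Get-Credential returns $null when the prompt is cancelled;
        # without this check the property access below would fail with a less helpful message.
        $credential = Get-Credential -Message "Enter your vCenter credentials"
        if ($null -eq $credential) {
            throw "No credentials were entered."
        }
        $username = $credential.Username
        $password = $credential.Password
        # Read the raw key bytes. '-Encoding Byte' exists only in Windows PowerShell 5.1; PowerShell 6+
        # uses '-AsByteStream'. -ErrorAction Stop turns a read failure into a terminating error so it
        # reaches the catch block instead of leaving $key empty.
        if ($PSVersionTable.PSVersion.Major -ge 6) {
            $key = Get-Content -Path $KeyPath -AsByteStream -ErrorAction Stop
        }
        else {
            $key = Get-Content -Path $KeyPath -Encoding Byte -ErrorAction Stop
        }
        # ConvertFrom-SecureString -Key accepts only 128-, 192- or 256-bit keys; fail early with a clear message.
        $keyLength = @($key).Count
        if ($keyLength -notin 16, 24, 32) {
            throw "Encryption key at '$KeyPath' has $keyLength bytes; expected 16, 24 or 32."
        }
        # Encrypt the password with the shared key so other accounts holding the key can decrypt it
        $encryptedPassword = $password | ConvertFrom-SecureString -Key $key
        # Create a custom object to store username and encrypted password
        $credentialObject = [PSCustomObject]@{
            Username          = $username
            EncryptedPassword = $encryptedPassword
        }
        # Save the credential object to the specified path (same JSON layout Balance-VMs.ps1 expects)
        $credentialObject | ConvertTo-Json | Set-Content -Path $CredPath -Force -ErrorAction Stop
        Write-Output "vCenter credentials have been encrypted and stored successfully at '$CredPath'."
    }
    catch {
        Write-Error "Failed to encrypt and store credentials: $_"
        exit 1
    }
}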
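# Function to secure the credentials file by setting appropriate permissions
function Secure-CredentialsFile {
    <#
    .SYNOPSIS
    Restricts the credentials file so that only the account running the script has access.
    .DESCRIPTION
    Disables ACL inheritance on the file, discards the entries inherited from the parent directory,
    and grants FullControl to the current user. Merely adding a FullControl entry, as before, left every
    inherited entry (for example read access for a broad local group) in place.
    .PARAMETER Path
    Path of the file whose ACL is rewritten.
    .NOTES
    A failure is reported as a warning rather than an error so the caller can decide how to proceed;
    the file then keeps whatever permissions it was created with.
    #>
    param (
        [string]$Path
    )
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
        # Stop inheriting from the parent directory and drop the inherited rules
        # (isProtected = $true, preserveInheritance = $false); otherwise the explicit rule below
        # only sits on top of whatever the directory grants.
        $acl.SetAccessRuleProtection($true, $false)
        # Grant the current user full control; this becomes the only explicit entry added here.
        $currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        $permission = "$currentUser", "FullControl", "Allow"
        $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
        $acl.SetAccessRule($accessRule)
        Set-Acl -Path $Path -AclObject $acl -ErrorAction Stop
        Write-Output "Set restricted permissions on '$Path'."
    }
    catch {
        Write-Warning "Failed to set permissions on '$Path'. Please ensure it is secured properly."
    }
}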
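# Main Execution
# Check if encryption key exists; without it nothing below can run.
if (-not (Test-EncryptionKeyExists -Path $encryptionKeyPath)) {
    Write-Error "Encryption key not found at '$encryptionKeyPath'. Please generate it using Generate-EncryptionKey.ps1 before storing credentials."
    exit 1
}
# Ensure the directory exists. Split-Path returns an empty string for a bare file name,
# in which case the current directory is used and there is nothing to create.
$directory = Split-Path -Path $credentialPath -Parent
if (-not [string]::IsNullOrEmpty($directory) -and -not (Test-Path -Path $directory)) {
    try {
        # -ErrorAction Stop makes a failed New-Item (e.g. access denied) reach the catch block;
        # by default it only raises a non-terminating error and the success message would still print.
        New-Item -Path $directory -ItemType Directory -Force -ErrorAction Stop | Out-Null
        Write-Output "Created directory '$directory'."
    }
    catch {
        Write-Error "Failed to create directory '$directory': $_"
        exit 1
    }
}
# Encrypt and store the credentials
Encrypt-And-Store-Credentials -KeyPath $encryptionKeyPath -CredPath $credentialPath
# Secure the credentials file. The file is written first and locked down immediately afterwards,
# so it briefly carries the permissions inherited from the directory.
Secure-CredentialsFile -Path $credentialPath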