POSHOrigin - Credential Resolvers

Dreamed up on 3 Jan 2016 concerning DevOps, DSC, PowerShell, VMWare

3 min read

This article is Part 7 in a 9-Part series about POSHOrigin, a PowerShell module that aims to assist you in managing your Infrastructure via custom PowerShell DSC resources.

Part 1 - POSHOrigin - Summary
Part 2 - POSHOrigin - Installation
Part 3 - POSHOrigin - Configuration File
Part 4 - POSHOrigin - Defaults File
Part 5 - POSHOrigin - Load, Test, and Execute Configurations
Part 6 - POSHOrigin - Sharing Configurations
Part 7 - POSHOrigin - Credential Resolvers <<
Part 8 - POSHOrigin - Examples
Part 9 - POSHOrigin - Wrapping Up

POSHOrigin on GitHub→

Credential Resolvers

Credential resolvers are various methods POSHOrigin can use to create a PowerShell credential object from data in the configuration file. These credentials are then passed to the DSC resource when it is compiled. Using resolvers, sensitive data like usernames / passwords can be stored separately from the configuration and pulled in when the configuration file is read and executed.

Currently, POSHOrigin supports the following resolvers:

PasswordState - Resolves a credential object using ClickStudio’s PasswordState vault. This resolver needs my PasswordState module to be installed in order to function.
ProtectedData - Resolves a credential object using Dave Wyatt’s ProtectedData PowerShell module.
PSCredential - Resolves a credential object using a plain text username and password. USE ONLY FOR TESTING!

PasswordState Example

1
2
3
4
5
6
7
8
9
10
11
12
resource 'vsphere:vm' 'VM01' @{
    ensure = 'present'
    description = 'Test VM'
    ###

    # Other options omitted for brevity

    ###          

    vcenterCredentials = Get-POSHOriginSecret 'passwordstate' @{
        endpoint = 'https://passwordstate.local/api'
        credApiKey = '<your API key>'
        passwordId = 1234
    }
}

ProtectedData Example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
resource 'vsphere:vm' 'VM01' @{
    ensure = 'present'
    description = 'Test VM'
    ###

    # Other options omitted for brevity

    ###          

    vcenterCredentials = Get-POSHOriginSecret 'protecteddata' @{
        path = '.\my_vc_creds.xml'
        certificate = '39E79A87089CBE26C3B1D36A7D20A96398D07CF9'        
    }
    guestCredentials = Get-POSHOriginSecret 'protecteddata' @{
        path = '.\my_guest_creds.xml'
        password = 'K33p1T53cr3TK33p1T5@F3'
    }
}

PSCredential Example

1
2
3
4
5
6
7
8
9
10
11
resource 'vsphere:vm' 'VM01' @{
    ensure = 'present'
    description = 'Test VM'
    ###

    # Other options omitted for brevity

    ###          

    vcenterCredentials = Get-POSHOriginSecret 'pscredential' @{
        username = 'svcvcenter'
        password = 'password123!'
    }
}

Show your support

POSHOrigin - Credential Resolvers

Credential Resolvers

PasswordState Example

ProtectedData Example

PSCredential Example

Show your support

Like books? Check these out!

You might also like:

9 Tips for Writing Better PowerShell Functions

Using PoshBot Middleware for Rate-Limiting Notifications

Joining Paths in PowerShell

Achievement Unlocked: Becoming a Microsoft MVP

Sharing is caring