My Profile Photo Title

Thoughts about DevOps and automation from a Windows guy


POSHOrigin - Credential Resolvers feature image

POSHOrigin - Credential Resolvers

This article is Part 7 in a 9-Part series about POSHOrigin, a PowerShell module that aims to assist you in managing your Infrastructure via custom PowerShell DSC resources.

POSHOrigin on GitHub→

Credential Resolvers

Credential resolvers are various methods POSHOrigin can use to create a PowerShell credential object from data in the configuration file. These credentials are then passed to the DSC resource when it is compiled. Using resolvers, sensitive data like usernames / passwords can be stored separately from the configuration and pulled in when the configuration file is read and executed.

Currently, POSHOrigin supports the following resolvers:

  • PasswordState - Resolves a credential object using ClickStudio’s PasswordState vault. This resolver needs my PasswordState module to be installed in order to function.
  • ProtectedData - Resolves a credential object using Dave Wyatt’s ProtectedData PowerShell module.
  • PSCredential - Resolves a credential object using a plain text username and password. USE ONLY FOR TESTING!

PasswordState Example

1
2
3
4
5
6
7
8
9
10
11
12
resource 'vsphere:vm' 'VM01' @{
    ensure = 'present'
    description = 'Test VM'
    ###
    # Other options omitted for brevity
    ###          
    vcenterCredentials = Get-POSHOriginSecret 'passwordstate' @{
        endpoint = 'https://passwordstate.local/api'
        credApiKey = '<your API key>'
        passwordId = 1234
    }
}

ProtectedData Example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
resource 'vsphere:vm' 'VM01' @{
    ensure = 'present'
    description = 'Test VM'
    ###
    # Other options omitted for brevity
    ###          
    vcenterCredentials = Get-POSHOriginSecret 'protecteddata' @{
        path = '.\my_vc_creds.xml'
        certificate = '39E79A87089CBE26C3B1D36A7D20A96398D07CF9'        
    }
    guestCredentials = Get-POSHOriginSecret 'protecteddata' @{
        path = '.\my_guest_creds.xml'
        password = '[email protected]'
    }
}

PSCredential Example

1
2
3
4
5
6
7
8
9
10
11
resource 'vsphere:vm' 'VM01' @{
    ensure = 'present'
    description = 'Test VM'
    ###
    # Other options omitted for brevity
    ###          
    vcenterCredentials = Get-POSHOriginSecret 'pscredential' @{
        username = 'svcvcenter'
        password = 'password123!'
    }
}
Sharing is caring