My Profile Photo Title

Thoughts about DevOps and automation from a Windows guy


POSHOrigin - Credential Resolvers feature image

POSHOrigin - Credential Resolvers

This article is Part 7 in a 9-Part series about POSHOrigin, a PowerShell module that aims to assist you in managing your Infrastructure via custom PowerShell DSC resources.

POSHOrigin on GitHub→

Credential Resolvers

Credential resolvers are various methods POSHOrigin can use to create a PowerShell credential object from data in the configuration file. These credentials are then passed to the DSC resource when it is compiled. Using resolvers, sensitive data like usernames / passwords can be stored separately from the configuration and pulled in when the configuration file is read and executed.

Currently, POSHOrigin supports the following resolvers:

  • PasswordState - Resolves a credential object using ClickStudio’s PasswordState vault. This resolver needs my PasswordState module to be installed in order to function.
  • ProtectedData - Resolves a credential object using Dave Wyatt’s ProtectedData PowerShell module.
  • PSCredential - Resolves a credential object using a plain text username and password. USE ONLY FOR TESTING!

PasswordState Example

1
2
3
4
5
6
7
8
9
10
11
12
resource 'vsphere:vm' 'VM01' @{
ensure = 'present'
description = 'Test VM'
###
# Other options omitted for brevity
###
vcenterCredentials = Get-POSHOriginSecret 'passwordstate' @{
endpoint = 'https://passwordstate.local/api'
credApiKey = '<your API key>'
passwordId = 1234
}
}

ProtectedData Example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
resource 'vsphere:vm' 'VM01' @{
ensure = 'present'
description = 'Test VM'
###
# Other options omitted for brevity
###
vcenterCredentials = Get-POSHOriginSecret 'protecteddata' @{
path = '.\my_vc_creds.xml'
certificate = '39E79A87089CBE26C3B1D36A7D20A96398D07CF9'
}
guestCredentials = Get-POSHOriginSecret 'protecteddata' @{
path = '.\my_guest_creds.xml'
password = '[email protected]'
}
}

PSCredential Example

1
2
3
4
5
6
7
8
9
10
11
resource 'vsphere:vm' 'VM01' @{
ensure = 'present'
description = 'Test VM'
###
# Other options omitted for brevity
###
vcenterCredentials = Get-POSHOriginSecret 'pscredential' @{
username = 'svcvcenter'
password = 'password123!'
}
}
Sharing is caring