Secure PAT Client Secret for use in script

I’m working with a customer to try to schedule PowerShell Scripts to run on a periodic basis and hoping to use the PowerShell SDK. The customer has asked how the Client Secret is stored as they need to ensure that it is secure.
I did a bit of digging and can’t find information about how / where the information is stored and I can’t find the information stored on my own machine to verify whether it is encrypted.
Any pointers here would be greatly appreciated.

Also, if there are other mechanisms that people have used to secure the client secret to be used for external scripts, that would be very helpful too.

If you are using the SailPoint CLI to configure it, then you should be able to find the configuration file in C:\Users\<User Name>\.sailpoint\config.yaml

Command: sail sdk init config --env devrel
2024/03/01 20:39:43 INFO config file created path=C:\Users\Administrator/config.json

Hi @KevinHarrington,

2 methods for storing credentials securely come to mind:

  • Using environment variables for a specific user
    Storing the value in a user environment variable only for that user account to run the PowerShell script. Make sure to protect these variables.
    The value can be accessed in PowerShell:
    $clientSecret = $env:CLIENT_SECRET

  • Using Windows Credential Manager
    This seems like a solid solution as well. I found a great article that highlights its functionality.

    To get started, you can create a credential with the following command:

    # CredentialManager module; $securePassword holds the secret, prompted for rather than hard-coded
    New-StoredCredential -Target "YourTarget" -UserName "YourUsername" -Password $securePassword

    To get the values from your stored credential:

    # Returns a PSCredential; the secret is read back from the current user's vault
    $credentials = Get-StoredCredential -Target "YourTarget"

Hope this helps!


The CLI method and the environment variable method above both store the credentials in plain text, which is unacceptable in this instance.

The PowerShell Module includes a Save-IdentityNowConfiguration command which the documentation says: “Saves default IdentityNow configuration to a file in the current users Profile.”

I can’t find where that is saved. Does anybody know where that is or if that is encrypted?

Hi Kevin,
Does it include a Get-IdentityNowConfigurationPath command? It might give you the exact path where the configuration file is saved for your environment.

There is no “Get-IdentityNowConfigurationPath” command.

Windows credential manager is the best option for securing your keys. The CLI and SDK don’t support credential manager directly, but there may be a way to use credential manager with the SDK today. I don’t know enough about PowerShell to figure out how to do it though.
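One way to combine Credential Manager with a scheduled script, as an added example that is not from this thread or from SailPoint: it assumes the CredentialManager module from the earlier reply and that the SDK reads the secret from an environment variable (the variable name and the entry name are assumptions), with a DPAPI-protected file as a fallback where the module is not installed.

```powershell
# Added example, not from this thread or from SailPoint. Loads the client secret
# from Windows Credential Manager (or a DPAPI-protected file) at run time and hands
# it to the SDK only for the lifetime of this process, so nothing is persisted in
# plain text. Assumes the CredentialManager module (Get-StoredCredential, as in the
# reply above) and that the SDK reads the secret from an environment variable.
param(
    [string]$Target         = "SailPoint-DevRel",   # Credential Manager entry name (constructed)
    [string]$SecretVariable = "CLIENT_SECRET"       # assumed; use the name your SDK expects
)
$ErrorActionPreference = "Stop"

function Get-ClientSecretFromVault {
    # One-time setup, run interactively as the account the scheduled task will use
    # (Credential Manager entries are per user):
    #   New-StoredCredential -Target "SailPoint-DevRel" -UserName "<client id>" -Password "<secret>"
    param([string]$Target)
    $cred = Get-StoredCredential -Target $Target
    if (-not $cred) { throw "No Credential Manager entry '$Target' for $env:USERNAME" }
    return $cred.GetNetworkCredential().Password
}

function Get-ClientSecretFromDpapiFile {
    # Fallback that needs no extra module: Export-Clixml protects a SecureString with
    # DPAPI, bound to this user and this machine. One-time setup as the task account:
    #   Read-Host -AsSecureString "Client secret" | Export-Clixml $Path
    param([string]$Path = "$env:LOCALAPPDATA\sailpoint\client-secret.xml")   # constructed path
    $secure = Import-Clixml -Path $Path
    return [Net.NetworkCredential]::new("", $secure).Password
}

$secret = if (Get-Command Get-StoredCredential -ErrorAction SilentlyContinue) {
    Get-ClientSecretFromVault -Target $Target
} else {
    Get-ClientSecretFromDpapiFile
}

try {
    # Process scope only: not written to the registry or the user profile, and gone
    # when this PowerShell process exits.
    [Environment]::SetEnvironmentVariable($SecretVariable, $secret, "Process")

    # Call the SDK cmdlets that read $env:CLIENT_SECRET here.
}
finally {
    # Clear the secret from this process as soon as the work is done.
    [Environment]::SetEnvironmentVariable($SecretVariable, $null, "Process")
    Remove-Variable secret -ErrorAction SilentlyContinue
}
```

Both stores are bound to the user account (and, for DPAPI, to the machine), so the scheduled task must run as the same account that created the entry; giving that account only the rights the script needs limits what a compromise of it exposes.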