Menu
I have a batch script with a password sitting in it as part of a command that requires credentials that I do not want to prompt for credentials. I am not worried about external threats, but I don't really want a co-worker going in there and seeing that password. While I trust them not to abuse it, I'd rather not have it there at all.
I was able to do this pretty easily with PowerShell by just storing a secure string in a text file. Pretty basic, but at least there's no plain text passwords laying around. That's all I really need.
How can I obfuscate a password in a batch script?
896
When used in a command line, script, or batch file, %1 is used to represent a variable or matched string. For example, in a Microsoft batch file, %1 can print what is entered after the batch file name.
%%a refers to the name of the variable your for loop will write to. Quoted from for /? : FOR %variable IN (set) DO command [command-parameters] %variable Specifies a single letter replaceable parameter. (set) Specifies a set of one or more files. Wildcards may be used.
You could also hide the password in an alternate data stream:
First, add the somewhat secret password to an alternate data stream of your script:
echo somewhatsecretpassword>script.bat:pwd
Here's how to retrieve the password into the variable %p%:
for /f "usebackq delims=" %i in (script.bat:pwd) do set p=%i
From within the batch file itself you may use something like:
for /f "usebackq delims=" %%i in (%~0:pwd) do set p=%%i
This is not secure!
Please consider:
163
Another option might be to obfuscate a "password", which is not secure at all but might be sufficent in certain situations
:main
set a=pas
set b=rd
set /p input=
if %input%==%a%swo%b% goto start
:start
<your code here>
goto main
the password is "password", but it's a bit obfuscated.
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
