Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Saving credentials for reuse by powershell and error ConvertTo-SecureString : Key not valid for use in specified state

I was doing something like described in this post to save credentials in a secured file so our automated process can use that to run remote PS scripts via Invoke-command: http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx

This works great when I run this under my account - password is read from encrypted file, passed to Invoke-command and everything is fine.

Today, when my script was ready for its prime time, I tried to run it under windows account that will be used by automated process and got this error below while my script was trying to read secured password from a file:

ConvertTo-SecureString : Key not valid for use in specified state. At \\remoted\script.ps1:210 char:87 + $password = get-content $PathToFolderWithCredentials\pass.txt | convertto-sec urestring <<<<     + CategoryInfo          : InvalidArgument: (:) [ConvertTo-SecureString], C    ryptographicException     + FullyQualifiedErrorId : ImportSecureString_InvalidArgument_Cryptographic    Error,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand 

Asked my workmate to run under his account and he got the same error.

This is the code I am using to save credentials:

$PathToFolderWithCredentials = "\\path\removed"  write-host "Enter login as domain\login:" read-host | out-file $PathToFolderWithCredentials\login.txt  write-host "Enter password:" read-host -assecurestring | convertfrom-securestring | out-file $PathToFolderWithCredentials\pass.txt  write-host "*** Credentials have been saved to $pathtofolder ***" 

This is the code in the script to run by automated process to read them to use in Invoke-command:

$login= get-content $PathToFolderWithCredentials\login.txt $password = get-content $PathToFolderWithCredentials\pass.txt | convertto-securestring $credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $login,$password 

Error happens on line $password = get-content $PathToFolderWithCredentials\pass.txt | convertto-securestring

Any ideas?

like image 493
mishkin Avatar asked Aug 18 '11 15:08

mishkin


People also ask

What is SecureString PowerShell?

Description. The ConvertTo-SecureString cmdlet converts encrypted standard strings into secure strings. It can also convert plain text to secure strings. It is used with ConvertFrom-SecureString and Read-Host .

What is System Security SecureString?

SecureString is a string type that provides a measure of security. It tries to avoid storing potentially sensitive strings in process memory as plain text.


1 Answers

You have to create the password string on the same computer and with the same login that you will use to run it.

like image 97
Michele Avatar answered Sep 20 '22 13:09

Michele