Examples/GenerateSecrets.ps1
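#Creates the json files that can be stored on a web server for remote retrieval during the execution of powershell scripts as a transport method to retrieve sensitive data.
#Configure IIS or a portable web server and store the decryption keys there. Do not enable directory browsing, and configure any additional security such as HTTPS, etc.
#Using powershell, we can send a web request to retrieve the JSON file containing the required information within the content property of the response.
#Convert that JSON back into a powershell object and use the data within the 'Get-Encrypted' string function.
#Once the data is decrypted, it can then be passed into the function that connects to the desired back end system requiring authentication.
#Systems such as Active Directory, a web service, API key for secure connections, etc.
#The DECRYPTED values are only ever held in memory by the consuming script. Note that THIS script does write both the ciphertext and
#the decryption key to disk (under $Env:SystemDrive\Secrets\Info) so they can be distributed. Treat those directories as sensitive:
#they are created with whatever ACL they inherit from the parent, which on a default system drive is readable by all local users,
#so restrict them (or move the files off the host) before publishing, and do not host the EncryptedData and DecryptionKeys files
#together on the same web server - anyone who can fetch both has the plaintext.
#Requires the 'EncryptionUtilities' module (New-EncryptedString), which is not part of this file.

# Fail fast if the module cannot be loaded; otherwise New-EncryptedString is simply "not found" inside the loop and every write errors.
$Null = Import-Module -Name 'EncryptionUtilities' -Force -Verbose -ErrorAction Stop

# Example values only - replace the placeholders. GUIDs are used here purely as sample key material; generate real keys with a
# CSPRNG rather than relying on GUID generation. [Ordered] is kept WITHOUT the [HashTable] cast the original had: the cast converts
# the ordered dictionary into a plain Hashtable, so the enumeration (and therefore file/output) order no longer matched insertion order.
$ValuesToEncrypt = [Ordered]@{}
$ValuesToEncrypt.Add('SecretKey', [System.GUID]::NewGUID().GUID.ToString())
$ValuesToEncrypt.Add('APIKey', [System.GUID]::NewGUID().GUID.ToString())
$ValuesToEncrypt.Add('Domain', 'MyDomain')
$ValuesToEncrypt.Add('UN', 'MyUsername')
$ValuesToEncrypt.Add('PW', 'SomeSecretValue')

# One entry per value: the New-EncryptedString result plus the paths and SHA256 hashes of the two files written for it.
[System.Collections.ArrayList]$OutputObject = @()

# Output layout: <SystemDrive>\Secrets\Info\EncryptedData\<Name>.json and <SystemDrive>\Secrets\Info\DecryptionKeys\<Name>.json
[System.IO.DirectoryInfo]$EncryptionInfoDirectory = "$($Env:SystemDrive)\Secrets\Info"
[System.IO.DirectoryInfo]$EncryptedDataDirectory = "$($EncryptionInfoDirectory.FullName)\EncryptedData"
If ($EncryptedDataDirectory.Exists -eq $False) {$Null = [System.IO.Directory]::CreateDirectory($EncryptedDataDirectory.FullName)}
[System.IO.DirectoryInfo]$DecryptionKeysDirectory = "$($EncryptionInfoDirectory.FullName)\DecryptionKeys"
If ($DecryptionKeysDirectory.Exists -eq $False) {$Null = [System.IO.Directory]::CreateDirectory($DecryptionKeysDirectory.FullName)}

# JSON is written as UTF-8 without a BOM. The original used [System.Text.Encoding]::Default, which on Windows PowerShell is the
# machine's ANSI code page: any non-ASCII character in a value would be mis-decoded by the consumer, and a BOM would trip strict
# JSON parsers. New-Object is used instead of ::new() so the script keeps working on PowerShell versions older than 5.
$JsonEncoding = New-Object -TypeName System.Text.UTF8Encoding -ArgumentList $False

ForEach ($Item In ($ValuesToEncrypt.GetEnumerator()))
{
    [String]$NewEncryptedString_Value = ($Item.Value)
    [Switch]$NewEncryptedString_Verbose = $False
    [Hashtable]$NewEncryptedStringParameters = @{}
    $NewEncryptedStringParameters.Add('Value', ($NewEncryptedString_Value))
    $NewEncryptedStringParameters.Add('Verbose', ($NewEncryptedString_Verbose))
    # Module-defined; all this script relies on is that the result exposes EncryptedData and DecryptionKey properties.
    $NewEncryptedStringInfo = New-EncryptedString @NewEncryptedStringParameters

    # Ciphertext file: only the EncryptedData property is serialised, keyed by the value name.
    [System.IO.FileInfo]$EncryptedDataAsJSONPath = "$($EncryptedDataDirectory.FullName)\$($Item.Key).json"
    [String]$EncryptedDataAsJSON = ConvertTo-JSON -InputObject ($NewEncryptedStringInfo | Select-Object -Property @('EncryptedData'))
    $Null = [System.IO.File]::WriteAllText(($EncryptedDataAsJSONPath.FullName), ($EncryptedDataAsJSON), ($JsonEncoding))
    # SHA256 of the file exactly as written, so the consumer can check the download was not altered on the server or in transit.
    [String]$EncryptedDataAsJSONHash = (Get-FileHash -Path ($EncryptedDataAsJSONPath.FullName) -Algorithm SHA256).Hash

    # Key file: only the DecryptionKey property is serialised. This is the file intended for the web server.
    [System.IO.FileInfo]$DecryptionKeyAsJSONPath = "$($DecryptionKeysDirectory.FullName)\$($Item.Key).json"
    [String]$DecryptionKeyAsJSON = ConvertTo-JSON -InputObject ($NewEncryptedStringInfo | Select-Object -Property @('DecryptionKey'))
    $Null = [System.IO.File]::WriteAllText(($DecryptionKeyAsJSONPath.FullName), ($DecryptionKeyAsJSON), ($JsonEncoding))
    [String]$DecryptionKeyAsJSONHash = (Get-FileHash -Path ($DecryptionKeyAsJSONPath.FullName) -Algorithm SHA256).Hash

    # Annotate the returned object with where each half went and its hash. ($Item.Key is the real DictionaryEntry property;
    # the original used the PowerShell alias $Item.Name for the same value.)
    $Null = Add-Member -InputObject ($NewEncryptedStringInfo) -Name 'ValueName' -Value ($Item.Key) -MemberType NoteProperty
    $Null = Add-Member -InputObject ($NewEncryptedStringInfo) -Name 'EncryptedDataPath' -Value ($EncryptedDataAsJSONPath.FullName) -MemberType NoteProperty
    $Null = Add-Member -InputObject ($NewEncryptedStringInfo) -Name 'EncryptedDataHash' -Value ($EncryptedDataAsJSONHash) -MemberType NoteProperty
    $Null = Add-Member -InputObject ($NewEncryptedStringInfo) -Name 'DecryptionKeyPath' -Value ($DecryptionKeyAsJSONPath.FullName) -MemberType NoteProperty
    $Null = Add-Member -InputObject ($NewEncryptedStringInfo) -Name 'DecryptionKeyHash' -Value ($DecryptionKeyAsJSONHash) -MemberType NoteProperty
    $OutputObject += ($NewEncryptedStringInfo)
}

# NOTE(review): the emitted objects still carry whatever New-EncryptedString returned (presumably including DecryptionKey and
# EncryptedData) alongside the paths and hashes - do not pipe this into transcripts, logs or CI output.
Write-Output -InputObject ($OutputObject) |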