Examples/RetrieveSecrets.ps1
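# Configure IIS or a portable web server and store the encrypted data and the decryption keys there.
# Do not enable directory browsing, and serve both paths over HTTPS only.
# NOTE(review): this example reads the encrypted data and its decryption key from the same server,
# so anyone able to read both URLs can recover the secret. Restrict access to the DecryptionKeys
# path (authentication, network ACLs) - confirm against your deployment.
#
# Using PowerShell, we send a web request to retrieve the JSON file; the required information is in
# the Content property of the response.
# That JSON is converted back into a PowerShell object and its data is passed to the
# 'Get-EncryptedString' function.
# Once the data is decrypted, it can be passed into the function that connects to the desired
# back-end system requiring authentication (Active Directory, a web service, an API key for
# secure connections, etc.).
# This script keeps the values in memory only and never writes them to the file system.

$Null = Import-Module -Name 'EncryptionUtilities' -Force -Verbose

# HTTPS, so that neither the encrypted data nor the decryption key crosses the network in clear text.
[System.URI]$Server = "https://YourServerFQDN"

[System.Collections.ArrayList]$ValuesToRetrieve = @()

# One entry per secret: its name plus the two URIs derived from the server and that name.
[HashTable]$ValueInfoProperties = @{}
$ValueInfoProperties.Add('Name', 'SecretKey')
$ValueInfoProperties.Add('Server', ([System.URI]::New("$($Server.OriginalString)")))
$ValueInfoProperties.Add('EncryptedDataURI', ([System.URI]::New("$($ValueInfoProperties.Server.OriginalString)/Info/EncryptedData/$($ValueInfoProperties.Name).json")))
$ValueInfoProperties.Add('DecryptionKeyURI', ([System.URI]::New("$($ValueInfoProperties.Server.OriginalString)/Info/DecryptionKeys/$($ValueInfoProperties.Name).json")))

$ValueInfo = New-Object -TypeName 'PSObject' -Property ($ValueInfoProperties)

$ValuesToRetrieve += ($ValueInfo)

ForEach ($Item In $ValuesToRetrieve)
  {
      # Refuse to fetch key material over anything but HTTPS, even if $Server is edited later.
      ForEach ($Uri In @($Item.EncryptedDataURI, $Item.DecryptionKeyURI))
        {
            If ($Uri.Scheme -ne [System.Uri]::UriSchemeHttps)
              {
                  Throw "Refusing to retrieve '$($Uri.OriginalString)': only HTTPS URIs are allowed."
              }
        }

      $EncryptedDataWebRequest = Invoke-WebRequest -Uri "$($Item.EncryptedDataURI)"
      $EncryptedDataContentInfo = ConvertFrom-JSON -InputObject ($EncryptedDataWebRequest.Content)

      # Despite the variable names, these two hold the decryption-key response, not decrypted data.
      $DecryptedDataWebRequest = Invoke-WebRequest -Uri "$($Item.DecryptionKeyURI)"
      $DecryptedDataContentInfo = ConvertFrom-JSON -InputObject ($DecryptedDataWebRequest.Content)

      # Stop here instead of calling the decryption function with a missing value.
      If (($Null -eq $EncryptedDataContentInfo.EncryptedData) -or ($Null -eq $DecryptedDataContentInfo.DecryptionKey))
        {
            Throw "The response for '$($Item.Name)' is missing the EncryptedData or DecryptionKey property."
        }

      # NOTE(review): -Verbose turns on the function's verbose stream; confirm it does not echo
      # the key or the decrypted value.
      $GetEncryptedString = Get-EncryptedString -EncryptedData ($EncryptedDataContentInfo.EncryptedData) -DecryptionKey ($DecryptedDataContentInfo.DecryptionKey) -Verbose

      # The decrypted value goes to the output pipeline. If the caller does not capture it, it is
      # printed to the console and recorded by any active transcript, so assign it to a variable
      # in real use.
      Write-Output -InputObject ($GetEncryptedString)
  }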