EncryptionUtilities

1.0.1001.2107

Examples/RetrieveSecrets.ps1

                                #Configure IIS or a portable web server and store the decryption keys there. Do not enable directory browsing, and configure any additional security such as HTTPS, etc.

#Using powershell, we can send a web request to retrieve the JSON file containing the required information within the content property of the response.

#Convert that JSON back into a powershell object and use the data within the 'Get-Encrypted' string function.

#Once the data is decrypted, it can then be passed into the function that connects to the desired back end system requiring authentication.

#Systems such as Active Directory, a web service, API key for secure connections, etc.

#They are only ever stored in memory and never on the file system

$Null = Import-Module -Name 'EncryptionUtilities' -Force -Verbose

[System.URI]$Server = "http://YourServerFQDN"

[System.Collections.ArrayList]$ValuesToRetrieve = @()

[HashTable]$ValueInfoProperties = @{}

  $ValueInfoProperties.Add('Name', 'SecretKey')

  $ValueInfoProperties.Add('Server', ([System.URI]::New("$($Server.OriginalString)")))

  $ValueInfoProperties.Add('EncryptedDataURI', ([System.URI]::New("$($ValueInfoProperties.Server.OriginalString)/Info/EncryptedData/$($ValueInfoProperties.Name).json")))

  $ValueInfoProperties.Add('DecryptionKeyURI', ([System.URI]::New("$($ValueInfoProperties.Server.OriginalString)/Info/DecryptionKeys/$($ValueInfoProperties.Name).json")))

$ValueInfo = New-Object -TypeName 'PSObject' -Property ($ValueInfoProperties)

$ValuesToRetrieve += ($ValueInfo)

ForEach ($Item In $ValuesToRetrieve)

  {  

      $EncryptedDataWebRequest = Invoke-WebRequest -Uri "$($Item.EncryptedDataURI)"

      $EncryptedDataContentInfo = ConvertFrom-JSON -InputObject ($EncryptedDataWebRequest.Content)

      $DecryptedDataWebRequest = Invoke-WebRequest -Uri "$($Item.DecryptionKeyURI)" 

      $DecryptedDataContentInfo = ConvertFrom-JSON -InputObject ($DecryptedDataWebRequest.Content)

      $GetEncryptedString = Get-EncryptedString -EncryptedData ($EncryptedDataContentInfo.EncryptedData) -DecryptionKey ($DecryptedDataContentInfo.DecryptionKey) -Verbose

      Write-Output -InputObject ($GetEncryptedString)

  }