本文描述如何加密 PowerShell 中的敏感信息,从而避免敏感信息(诸如密码)在代码中被显式的展现出来。这里我们使用 ConvertFrom-SecureString 命令来完成加密操作,需要注意的是,如果我们没有指定Key,那么,将采用基于 Windows 内置的 DPAPI 进行数据的加密。这种情况下,原文的加密和解密必须在同一台机器上,且基于同一个User去进行。
ConvertFrom-SecureString [-SecureString] <SecureString> [[-SecureKey] <SecureString> ] [ <CommonParameters>]
你可以从这里了解该命令的更多信息。
- If no key is specified, the Windows Data Protection API (DPAPI) is used to encrypt the standard string representation.
Your secret was automatically encrypted by the built-in Windows data protection API (DPAPI), using your identity and your machine as encryption key. So only you (or any process that runs on your behalf) can decipher the secret again, and only on the machine where it was encrypted.
Continue reading