-
Notifications
You must be signed in to change notification settings - Fork 14
/
Add-SecureSetting.ps1
102 lines (89 loc) · 8.75 KB
/
Add-SecureSetting.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
function Add-SecureSetting
{
<#
.Synopsis
Adds an encrypted setting to the registry
.Description
Stores secured user settings in the registry
.Example
Add-SecureSetting AStringSetting 'A String'
.Example
Add-SecureSetting AHashtableSetting @{a='b';c='d'}
.Example
Add-SecureSetting ACredentialSetting (Get-Credential)
.Example
Add-SecureSetting ASecureStringSetting (Read-Host "Is It Secret?" -AsSecureString)
.Link
https://www.youtube.com/watch?v=0haXavQU_nY
.Link
Get-SecureSetting
.Link
ConvertTo-SecureString
.Link
ConvertFrom-SecureString
#>
[CmdletBinding(DefaultParameterSetName='System.Security.SecureString')]
[OutputType('SecureSetting')]
param(
# The name of the secure setting
[Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)]
[String]
$Name,
# A string value to store. This will be converted into a secure string and stored in the registry.
[Parameter(Mandatory=$true,Position=1,ParameterSetName='String',ValueFromPipelineByPropertyName=$true)]
[string]
$String,
# An existing secure string to the registry.
[Parameter(Mandatory=$true,Position=1,ParameterSetName='System.Security.SecureString',ValueFromPipelineByPropertyName=$true)]
[Security.SecureString]
$SecureString,
# A table of values. The table will be converted to a string, and this string will be stored in the registry.
[Parameter(Mandatory=$true,Position=1,ParameterSetName='Hashtable',ValueFromPipelineByPropertyName=$true)]
[Hashtable]
$Hashtable,
# A credential. The credential will stored in the registry as a pair of secured values.
[Parameter(Mandatory=$true,Position=1,ParameterSetName='System.Management.Automation.PSCredential',ValueFromPipelineByPropertyName=$true)]
[Management.Automation.PSCredential]
$Credential
)
process {
#region Create Registry Location If It Doesn't Exist
$registryPath = "HKCU:\Software\Start-Automating\$($myInvocation.MyCommand.ScriptBlock.Module.Name)"
$fullRegistryPath = "$registryPath\$($psCmdlet.ParameterSetName)"
if (-not (Test-Path $fullRegistryPath)) {
$null = New-Item $fullRegistryPath -Force
}
#endregion Create Registry Location If It Doesn't Exist
if ($psCmdlet.ParameterSetName -eq 'String') {
#region Encrypt and Store Strings
$newSecureString = $String |
ConvertTo-SecureString -AsPlainText -Force |
ConvertFrom-SecureString
Set-ItemProperty $fullRegistryPath -Name $Name -Value $newSecureString
#endregion Encrypt and Store Strings
} elseif ($psCmdlet.ParameterSetName -eq 'Hashtable') {
#region Embed And Store Hashtables
$newSecureString = Write-PowerShellHashtable -InputObject $hashtable |
ConvertTo-SecureString -AsPlainText -Force |
ConvertFrom-SecureString
Set-ItemProperty $fullRegistryPath -Name $Name -Value $newSecureString
#endregion Embed And Store Hashtables
} elseif ($psCmdlet.ParameterSetName -eq 'System.Security.SecureString') {
#region Store Secure Strings
$newSecureString = $secureString |
ConvertFrom-SecureString
Set-ItemProperty $fullRegistryPath -Name $Name -Value $newSecureString
#endregion Store Secure Strings
} elseif ($psCmdlet.ParameterSetName -eq 'System.Management.Automation.PSCredential') {
#region Store credential pairs
$secureUserName = $Credential.UserName |
ConvertTo-SecureString -AsPlainText -Force |
ConvertFrom-SecureString
$securePassword = $Credential.Password |
ConvertFrom-SecureString
Set-ItemProperty $fullRegistryPath -Name "${Name}_Username" -Value $secureUserName
Set-ItemProperty $fullRegistryPath -Name "${Name}_Password" -Value $securePassword
#endregion Store credential pairs
}
}
}