Encrypting powershell passwords

If the script is going to be distributed onto a number of machines across the network then every credentials that your script is going to use will be accessible to those users and there is no way around it.

You can do two things if there are any private per-user data:

1. create a new user account in the database for every user of your program with restrictive permissions allowing them to do only the things that you want them to do and nothing more
2. have a proxy server that would authenticate them and connect to the database in their name (this is how most websites work)

If all of the data is public and read-only then you can either:

1. create a user account in the database for read-only access and use its credential in all of the distributed copies of your program
2. have a proxy server that doesn't authenticate users but connects to the database instead of exposing it to the public

Number 2 of every one of those options is generally recommended for every database with a security history of MySQL, but number 1 of both of those options would be recommended for databases like CouchDB.

Never distribute any credentials with your program that you don't want your users to use.

I've used this PowerShell Library http://lunaticexperiments.wordpress.com/2009/10/23/powershell-string-encryption-and-gpg/ to encrypt Oracle and Informix passwords.

Here's an example

    #Source Encryption Functions. ./Library-StringCrypto.ps1#encrypt string using passphrase$encrypt = Write-EncryptedString $connString "4#&7yaoff"#Show encrypted string$encrypt#Decrypt stringRead-EncryptedString $encrypt "4#&7yaoff"