Shell for SAP – Store credentials encrypted

Nobody wants to store password in Scripts clear text. So connmove developed a new Functionality called “Credfile”. With the credfile functions you can store credentials in an encrypted file. Then you just have to set the ID of the credentials on the Connector which you want to use.

Use Add-CmCredfileCredentials to create new entry. If the credfile does not exist, it will create a new one. Use the ‘ID’ parameter if you want to define your own ID.
If you don’t want that all users can use a credential entry you have to specify one ore more users which have the privilege with ‘PSUsers’. A PS User is a Windows User. Everytime a user esecute the -CredID Option, EasyCloud check if the current PowerShell User is listed in the ‘PSUser’ column for the specified ID.

If you don’t specify an PSUser, any user can access the entry.

Add-CmCredfileCredentials -Username MyUser -Password MyPassword -Description “PW for SQL Server” -PSUsers domain/user1,domain/user2

To see which credentials are stored in a credfile use Get-CmCredfileEntries

Get-CmCredfileEntries

With the ‘ReplaceID’ parameter, you can overwrite the credential data of the specified ID.

Add-CmCredfileCredentials -Username MyUser -Password MyPassword2 -Description “PW for SQL Server” -PSUsers Domain/user1 -ReplaceID 1

Example how to connect to a SAP system

$con = Get-CmSapConnect -CredID 2 -Language EN -Client 100 -Host SAPHost -SystemNumber 0

To remove an entry of the credfile use the Remove-CmCredfileCredentials commandlet

Remove-CmCredfileCredentials -CredID 3

As default the credfile will be stored in the program directory of the Cmcmdlets. If you want to store the credfile on another place, use the ‘-Credfile’ parameter and specify the new path.

Connectors which supports the credfile:

Get-CmSapConnect
Get-CmSqlConnect
Get-CmSAPHostConnect
Get-CmSapGuiConnect
Get-CmOsConnect
Get-CmCluster
Search-CmOsUpdates
Measure-CmOsUpdates
Test-CmOsUpdates
Restart-CmOsUpdates
Install-CmOsUpdates