From 1523731aefffda002ec58e92cea63a365fd4cd6f Mon Sep 17 00:00:00 2001
From: ScottishDex <35346954+ScotDex@users.noreply.github.com>
Date: Tue, 8 Jul 2025 23:04:02 +0100
Subject: [PATCH] Replace hard-coded credentials with env vars and document
---
 API/api-auth-script.ps1 | 7 +++----
 API/api-script.ps1 | 7 +++----
 Development/eve-auth-api-test.ps1 | 9 ++++-----
 Eve-Online/eve-auth-module.ps1 | 4 ++--
 Pen-Test/payload.ps1 | 4 ++--
 README.md | 24 ++++++++++++++++++++++++
 Tooling/elastic-rule-report.ps1 | 4 ++--
 readme.md | 1 -
 8 files changed, 40 insertions(+), 20 deletions(-)
 create mode 100644 README.md
 delete mode 100644 readme.md
diff --git a/API/api-auth-script.ps1 b/API/api-auth-script.ps1
index 8f07bc6..917435d 100644
--- a/API/api-auth-script.ps1
+++ b/API/api-auth-script.ps1
@@ -1,8 +1,8 @@
 # Description: This script is used to make a GET request to an API endpoint with basic authentication.
 # Usage: powershell -File api-script.ps1
-$username="admin"
-$password="password"
+$username = $env:API_USERNAME
+$password = $env:API_PASSWORD
 $credentials = "{$username}:{$password}"
 $credentialBytes = [System.Text.Encoding]::ASCII.GetBytes($credentials)
 $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($credentialBytes))
@@ -15,5 +15,4 @@ $headers = @{
 Authorization=$basicAuthHeader
 "Content-Type"="application/json"
 }
-
-Invoke-RestMethod -Uri "$urlbase/" -Headers $headers -Method Get
\ No newline at end of file
+Invoke-RestMethod -Uri "$urlbase/" -Headers $headers -Method Get
diff --git a/API/api-script.ps1 b/API/api-script.ps1
index 8f07bc6..917435d 100644
--- a/API/api-script.ps1
+++ b/API/api-script.ps1
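Review bot: Nothing checks that `API_USERNAME` and `API_PASSWORD` are set, so with either one missing `$username`/`$password` are `$null` and the script still builds and sends a Basic header from empty values instead of stopping. I would add a guard directly after the two assignments, `if (-not $username -or -not $password) { throw 'Set API_USERNAME and API_PASSWORD before running this script.' }`. The same missing check applies to the identical hunk in API/api-script.ps1 and to the environment reads added in Development/eve-auth-api-test.ps1, Eve-Online/eve-auth-module.ps1, Pen-Test/payload.ps1 and Tooling/elastic-rule-report.ps1. Separately, the unchanged context line `"{$username}:{$password}"` appears to keep the literal braces in the encoded string, which is worth confirming against what the server expects.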
@@ -1,8 +1,8 @@
 # Description: This script is used to make a GET request to an API endpoint with basic authentication.
 # Usage: powershell -File api-script.ps1
-$username="admin"
-$password="password"
+$username = $env:API_USERNAME
+$password = $env:API_PASSWORD
 $credentials = "{$username}:{$password}"
 $credentialBytes = [System.Text.Encoding]::ASCII.GetBytes($credentials)
 $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($credentialBytes))
@@ -15,5 +15,4 @@ $headers = @{
 Authorization=$basicAuthHeader
 "Content-Type"="application/json"
 }
-
-Invoke-RestMethod -Uri "$urlbase/" -Headers $headers -Method Get
\ No newline at end of file
+Invoke-RestMethod -Uri "$urlbase/" -Headers $headers -Method Get
diff --git a/Development/eve-auth-api-test.ps1 b/Development/eve-auth-api-test.ps1
index 578ac99..5fe8252 100644
--- a/Development/eve-auth-api-test.ps1
+++ b/Development/eve-auth-api-test.ps1
@@ -11,8 +11,8 @@
 # The code below is used to authenticate with the EVE Online API using OAuth2
 # The code is based on the example provided in the EVE Online documentation: https://esi.evetech.net/ui/?version=latest#/Character/get_characters_character_id
-$clientID="539efdfedabe4ca19575d01b6ae5ba8e"
-$clientSecret="xBMQMOOZVxfQI8RQPSjKEKXvqsdJKybv8UceDZjY"
+$clientID=$env:EVE_CLIENT_ID
+$clientSecret=$env:EVE_CLIENT_SECRET
 # $credentials = "{$username}:{$password}"
 # $credentialBytes = [System.Text.Encoding]::ASCII.GetBytes($credentials)
 # $base64AuthInfo = [Convert]::ToBase64String(($credentialBytes))
@@ -27,7 +27,7 @@ $assetsUrl = "https://esi.evetech.net/latest/characters/95282689/assets/"
 $encodedAssets = [System.Web.HttpUtility]::UrlEncode($assetsUrl)
 Write-Host "Please visit this URL to authenticate: $authUrl"
-$authorizationCode = "ZaazFJl76kSX_87Z0GQJ1A"
+$authorizationCode = $env:EVE_AUTH_CODE
 $body = @{
 grant_type = "authorization_code"
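Review bot: The client ID and secret deleted in the `@@ -11,8 +11,8 @@` hunk of Development/eve-auth-api-test.ps1 remain readable in the repository history and in this patch, so switching to `$env:EVE_CLIENT_ID` / `$env:EVE_CLIENT_SECRET` does not retire them. They should be regenerated at the provider before the new variables are populated, and the same goes for the identical pair removed from Eve-Online/eve-auth-module.ps1 and the account password removed from Tooling/elastic-rule-report.ps1. I would also leave a marker above the two assignments, `# Client credentials come from the environment; never commit real values here.`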
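Review bot: `$authorizationCode = $env:EVE_AUTH_CODE` in the `@@ -27,7 +27,7 @@` hunk is read after `Write-Host` prints the URL that produces the code, so the variable has to be set before the user has had a chance to authenticate. An OAuth2 authorization code is single-use and short-lived, which makes an environment variable a poor carrier for it; prompting at that point fits the flow better: `$authorizationCode = Read-Host -Prompt 'Paste the authorization code from the redirect URL'`. The `$body` hashtable that consumes the value continues past the end of the hunk.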
@@ -52,5 +52,4 @@ $uri = "https://esi.evetech.net/latest/characters/95282689/"
 $characterInfo = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
 $characterInfo
-$assetResponse = Invoke-RestMethod -Uri "$encodedAssets" -Headers $headers -Method Get
-$assetResponse
\ No newline at end of file
+$assetResponse = Invoke-RestMethod -Uri "$encodedAssets" -Headers $headers -Method Get$assetResponse
diff --git a/Eve-Online/eve-auth-module.ps1 b/Eve-Online/eve-auth-module.ps1
index 62ce3c3..fce82f8 100644
--- a/Eve-Online/eve-auth-module.ps1
+++ b/Eve-Online/eve-auth-module.ps1
@@ -1,7 +1,7 @@
 [CmdletBinding()]
 param(
- [string]$ClientID = "539efdfedabe4ca19575d01b6ae5ba8e",
- [string]$ClientSecret = "xBMQMOOZVxfQI8RQPSjKEKXvqsdJKybv8UceDZjY",
+ [string]$ClientID = $env:EVE_CLIENT_ID,
+ [string]$ClientSecret = $env:EVE_CLIENT_SECRET,
 [string]$RedirectUri = "???", # Wondereing what to use for an end point because localhost:port is not an option - perhaps cloud run?
 [string]$Scopes = "publicData esi-assets.read_assets.v1"
 )
diff --git a/Pen-Test/payload.ps1 b/Pen-Test/payload.ps1
index c39de2d..eac7601 100644
--- a/Pen-Test/payload.ps1
+++ b/Pen-Test/payload.ps1
@@ -28,8 +28,8 @@ Start-Process ".\response.html"
 $uri = "https://halo.tsg.com/status"
 $body = @{
- email = "test@example.com"
- password = "SuperSecret123"
+ email = $env:TEST_EMAIL
+ password = $env:TEST_PASSWORD
 } | ConvertTo-Json
 $response = Invoke-RestMethod -Uri $uri -Method Post -Body $body -ContentType 'application/json' -ErrorAction Stop
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6ac1904
--- /dev/null
+++ b/README.md
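Review bot: The added last line of Development/eve-auth-api-test.ps1 ends in `-Method Get$assetResponse`: the two removed lines were joined without a line break, so the trailing `$assetResponse` is now part of the `-Method` argument instead of a separate statement. On a first run the variable is presumably empty and the request still goes out as `Get`, but the response is no longer written to the output, and in a session where `$assetResponse` already holds a value the method string becomes invalid. Restore it as two lines, `$assetResponse = Invoke-RestMethod -Uri "$encodedAssets" -Headers $headers -Method Get` followed by `$assetResponse`.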
@@ -0,0 +1,24 @@
+# The Script Lab
+
+This repository contains various PowerShell scripts for API testing, tooling and development experiments.
+
+## Providing Credentials
+
+Some scripts require credentials. To avoid hard coding sensitive values, these scripts read their credentials from environment variables:
+
+- `API_USERNAME` and `API_PASSWORD` for scripts in the `API` folder.
+- `EVE_CLIENT_ID` and `EVE_CLIENT_SECRET` for EVE Online authentication scripts.
+- `EVE_AUTH_CODE` for `Development/eve-auth-api-test.ps1`.
+- `TEST_EMAIL` and `TEST_PASSWORD` for `Pen-Test/payload.ps1`.
+- `ELASTIC_USERNAME` and `ELASTIC_PASSWORD` for `Tooling/elastic-rule-report.ps1`.
+
+Before running a script, export the required variables in your shell:
+
+```powershell
+$env:API_USERNAME = 'myuser'
+$env:API_PASSWORD = 'mypassword'
+# set other variables as needed
+```
+
+Use your preferred secrets management solution to supply these values securely.
+
diff --git a/Tooling/elastic-rule-report.ps1 b/Tooling/elastic-rule-report.ps1
index 162e6fb..e92b002 100644
--- a/Tooling/elastic-rule-report.ps1
+++ b/Tooling/elastic-rule-report.ps1
@@ -8,8 +8,8 @@ $ODS = Read-Host -Prompt "Please enter your ODS to search (ensure in CAPS e.g. 'RCU')"
 $outputFile = "$env:USERPROFILE\Desktop\Generated-Rule-Report1.csv"
-$Username = "synanetics-system"
-$Password = "Kc1cmCxYDG^bP@cMDP5u"
+$Username = $env:ELASTIC_USERNAME
+$Password = $env:ELASTIC_PASSWORD
 $credentials = "$($Username):$($Password)"
 $credentialBytes = [System.Text.Encoding]::ASCII.GetBytes($credentials)
 $EncodedCredentials = [System.Convert]::ToBase64String($credentialBytes)
diff --git a/readme.md b/readme.md
deleted file mode 100644
index 06decca..0000000
--- a/readme.md
+++ /dev/null
@@ -1 +0,0 @@
-Testing Web Hoo
\ No newline at end of file