-
Notifications
You must be signed in to change notification settings - Fork 59
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ClientSecret is a plaintext [string]. Use [securestring] instead? #42
Comments
Earlier versions used The PowerShell Secret Management module looks like a much better option for storing credentials as it offers cross-platform encryption. Once I get some time to review, I plan on seeing whether that can be easily integrated into the token mechanisms within PSFalcon. |
I don't necessarily agree that using Thanks! |
Thanks, and I appreciate your feedback and suggestion! I thought The earlier versions of PSFalcon effectively used
On Windows (as you mentioned) this is protected if you're not running as the user that created the From the initial reading I've done, the Secret Management module should provide encryption no matter the platform and if you're interested you should be able to use it independently and pass ClientId/ClientSecret/Cloud/MemberCID to |
On PowerShell Core (v6+), it's even simpler!
I haven't come across the I do have my own (non-public) |
That's funny--I had a command with the first iteration of PSFalcon v2 that did the same thing. I'm hoping the SecretManagement module will offer the same results (plus it might store the |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
I noticed in oauth2.ps1 that the ClientSecret isn't being stored in memory as a [securestring]. I would recommend doing that.
I have a code sample that should handle the prompt when a user didn't supply the ClientSecret as a parameter, but I'm not familiar with dynamic parameters in PowerShell so I'm not sure how to handle it if it is supplied as a parameter.
The text was updated successfully, but these errors were encountered: