PowerShell / DSC

This repo is for the DSC v3 project
MIT License

Support for Credentials #328

Open rdbartram opened 7 months ago

rdbartram commented 7 months ago

Summary of the new feature / enhancement

In order to be able to call certain types of resources, credential objects are required. It would be very useful to have an intuitive way to do this.

# example.dsc.config.yaml
$schema: https://raw.githubusercontent.com/PowerShell/DSC/main/schemas/2023/10/config/document.json
resources:
  - name: Get info from classic DSC resources
    type: DSC/PowerShellGroup
    properties:
      resources:
      - name: Get Teams App Permission Policy
        type: Microsoft365DSC/MSFT_TeamsAppPermissionPolicy
        properties:
          Identity: Global
          Credential:
            userName: "admin@test.onmicrosoft.com"
            Password: "MyPassword"

Being able to define and then reference would be great, but maybe some interp. from dsc exec itself to get values from environment or a secret manager would be great too.

Proposed technical implementation details (optional)

No response

SteveL-MSFT commented 6 months ago

Since credentials are sensitive, we wouldn't want the password to be in cleartext within the configuration itself. Currently, you can use a SecretString parameter to pass it to the configuration and reference it via the parameter() function. It would look something like:

# example.dsc.config.yaml
$schema: https://raw.githubusercontent.com/PowerShell/DSC/main/schemas/2023/10/config/document.json
parameters:
  globalCredential:
    type: secureObject
resources:
  - name: Get info from classic DSC resources
    type: DSC/PowerShellGroup
    properties:
      resources:
      - name: Get Teams App Permission Policy
        type: Microsoft365DSC/MSFT_TeamsAppPermissionPolicy
        properties:
          Identity: Global
          Credential:
            userName: "[parameters('globalCredential').username]"
            Password: "[parameters('globalCredential').password]"

Where globalCredential would look like:

{
  "username": "admin@test.onmicrosoft.com",
  "password": "MyPassword"
}

So the parameters input or file would look like:

parameters:
  globalCredential:
    username: admin@test.onmicrosoft.com
    password: MyPassword

And you would call dsc using:

dsc config -f ./globalCredentials.parameters.yaml get -p ./example.dsc.config.yaml

where -f specifies the file path to the parameters to be used and -p to the configuration file.
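A pre-commit or CI check for the distinction drawn in this thread, as an added example that is not code from the DSC project or from either commenter: it flags sensitive keys whose value is a literal instead of a `[parameters('...')]` reference, and references to parameters that are not declared with a secure type. The sensitive key-name list, the 2-space indentation and the function names are assumptions of this example.

```python
import re

# Assumptions of this example: 2-space YAML indentation, and keys whose name
# contains "password", "secret" or "token" are the sensitive ones.
SENSITIVE_KEY = re.compile(r"password|secret|token", re.IGNORECASE)
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([\w.-]+)\s*:\s*(\S.*)$")
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)[^\[\]]*\]$")
PARAM_BLOCK = re.compile(r"^parameters:[ \t]*\n((?:[ \t]+.*\n?)+)", re.MULTILINE)
PARAM_TYPE = re.compile(r"^  ([\w.-]+):[ \t]*\n(?:    .*\n)*?    type:[ \t]*(\S+)", re.MULTILINE)
SECURE_TYPES = {"securestring", "secureobject"}  # compared case-insensitively

def declared_parameter_types(text):
    """Map each name in the top-level 'parameters:' block to its declared type."""
    block = PARAM_BLOCK.search(text)
    return dict(PARAM_TYPE.findall(block.group(1))) if block else {}

def find_credential_issues(text):
    """Return (line_number, key, problem) for each sensitive key that is unsafe."""
    types, issues = declared_parameter_types(text), []
    for number, line in enumerate(text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match or not SENSITIVE_KEY.search(match.group(1)):
            continue
        value = match.group(2).strip().strip("'\"")
        ref = PARAM_REF.match(value)
        if ref is None:
            issues.append((number, match.group(1), "cleartext literal"))
        elif types.get(ref.group(1), "").lower() not in SECURE_TYPES:
            issues.append((number, match.group(1), "parameter is not a secure type"))
    return issues

# Constructed samples modelled on the two configurations in this thread.
CLEARTEXT = 'Credential:\n  userName: "admin@test.onmicrosoft.com"\n  Password: "MyPassword"\n'
PARAMETERIZED = """\
parameters:
  globalCredential:
    type: secureObject
resources:
  - name: Get Teams App Permission Policy
    properties:
      Credential:
        Password: "[parameters('globalCredential').password]"
"""

if __name__ == "__main__":
    for label, doc in (("cleartext", CLEARTEXT), ("parameterized", PARAMETERIZED)):
        print(label, find_credential_issues(doc))
```

The same check applies to the parameters file itself: it holds the password in cleartext, so it belongs outside version control.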