cChocoSource - PSCredential for Set-TargetResource passed to MOF as Plain Test

chocolatey / cChoco

Community resource to manage Chocolatey

Apache License 2.0

154 stars 99 forks source link

cChocoSource - PSCredential for Set-TargetResource passed to MOF as Plain Test #159

Closed ryanrichter94 closed 1 year ago

ryanrichter94 commented 3 years ago

Currently when setting up an authenticated source using cChocoSource. The PSCredential that gets passed using the Set-TargetResource function is written to the MOF file in plain text.

Is their a way to obfuscate the source username and password within the MOF file instead of it getting written plain text?

Looking at Microsoft documentation for DSC it looks like you can secure the MOF file with a certificate upon further researching. link to docs on this

pauby commented 2 years ago

I appreciate this was some time ago, but I'm a little confused by this one. Encrypting the MOF would be done on your end node and not by this module. If you are using a pull configuration, then you would have to set up certificates to encrypt the MOF.

Can you elaborate on this one any further?

ryanrichter94 commented 1 year ago

Hey @pauby apologies. Looking at this with some fresh eyes. You are correct that this would need to be a configuration made by an individual user to cert encrypt their MOF file. I'll go ahead and close off this issue.