I'm currently in the middle of creating an array builder workflow (Thanks to bdave for the excellent Day0 example) and I have to add a local user on every Netapp controller that we use for 3rd party support tools. I don't want to have the user's password in plain text in either the workflow or the execution history table as that would be a breach of our security code of conduct. I was wondering if it's possible to add the user's password as an other credential and then call it as part of the workflow. Does anyone know if it's possible and if so how I can reference it as part of a command?
In my previous reply, when I said "Please add a new credential for your local user against any valid format IP address. Ex: 126.96.36.199.", I meant you can add the credential for your local user against any junk IP address (this IP address need not be reachable). You can literally add the credential against 188.8.131.52 IP address, and reference it in your command to retrieve these credentials.
Re: Using the Credentials cache to store account passwords?
I think Chaitu has the right idea here. There's a variant of the New-NaUser cmdlet where you can use the credentials as saved by WFA without requiring decryption. Note this version of calling the cmdlet:
A PSCredential object containing the Username for the new user to be created along with the Password to be used for the new user.
So, changing the Day-0 example command for creating a new user to something a little more secure would start as Chaitu stated by creating a dummy entry in the WFA cache to hold the user and password encrypted. Then load the credentials into a variable as Chaitu stated, $NewUserCreds = Get-NaCredentials -Host $DummyHost
After that, assuming you're modifying the example command I posted, you could do something like this: