API Key security

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 2 years and 10 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
jenkinsta
Posts: 2
Last visit: Mon Apr 19, 2021 3:49 pm

API Key security

Post by jenkinsta »

was reading this https://www.sapien.com/blog/2012/04/30/ ... -packages/
about creds in code.

What I have is an API client and key that I need to secure.

Request-SpecialToken "EXAMPLEID" "EXAMPLEKEY"

Anyway to secure that using the ConvertTo-SecureString?

$c = ConvertTo-SecureString "EXAMPLEID" -AsPlainText -Force

Didnt work
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: API Key security

Post by jvierra »

I thi8nk you want to convert the token and not the ID. A token is usually only good for one session so it cannot be persisted and reused. Check the documentation for teh API to understand how they use tokens and how to use them.
jenkinsta
Posts: 2
Last visit: Mon Apr 19, 2021 3:49 pm

Re: API Key security

Post by jenkinsta »

it all works fine just need to obfuscate the clientid and key from reversing the exe. The module I am calling takes those two and validates then gets the token for later actions.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: API Key security

Post by jvierra »

So what is not working? You cant use an encrypted string without decrypting it. In an EXE this would happen automatically if the strings are stored inside the code as a global.
This topic is 2 years and 10 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked