My little part of the Internet

Tag: PowerShell

Generating Passwords using PowerShell

Even now – after all this time – passwords are hard.

Yes, I know we should all be using Cloud with its fancy KeyStore/Key Vaults or enterprise store such as CyberArk. We all know we should not be chosing them. However, like it or not ‘things’ still need passwords. Whether its for an encryption key, wireless network or just a plain and simple password.

Vendors are also part of the problem, placing restrictions on types of characters or even positioning of them within a password. Still. In 2020! (VMware and Cisco are pretty horrific at this)

Also when you are building stuff in automation, its inevitable you will need some sort of password generating. I use PowerShell a lot and found methods that could be used to do this.

Voila my new GitHub project https://github.com/kevsterd/PoSH-Passwords

This is based on using the Psuedo Random Number Generator (PRNG) which is a feature provided by the Windows Cryptographic Service Provider (CSP) which generates randomness in a ‘good enough’ manner. If you need more than this then well you know why and what to do about it but for most uses this is pretty good.

It uses vendor safe methods and arrangments out of the box with a pretty good 16 character length. You can append flags to make it stronger, output a number of them or make them readable. Its up to you. Your choice.

# Import the module
PS > import-module .\Password-Functions.psm1

# Run the function
PS > New-Password
LC*ATg2F0CFmh-r4

Want longer length ? Want more than one ?

PS > New-Password -Length 20 -count 3
uVelF$qejS4B.J$I8hmO
I9h+Wx1fJeUw8OxWf@DA
QbvykhouQ@tHe1IuQDPE

Remember, the passwords being returned back as an object you can then store into other variables.

PS > $pass=New-Password

You can obviously use the PowerShell SecureString method to store and manipulate if need be. (Some decent tips at http://blog.majcica.com/2015/11/17/powershell-tips-and-tricks-decoding-securestring/)

PS > $pass=New-Password

PS > $secpass=(ConvertTo-SecureString $pass -AsPlainText -Force)
PS > $secpass
System.Security.SecureString

PS > $secpass | ConvertFrom-SecureString
01000000d08c9ddf0115d1118c7a00c04fc297eb010000002571feb3508bb14b8eaa7cac1828a6b80000000002000000000010660000000100002000000064fc1cf1a0b044b4a1dd63aa3fc9ba9ec4f83b24a70569cbbe25773522868bd4000000000e80000000020000200000004487a5581bbc0d7ffcb47bdfda87198014a8cce89b9ed117b1c29893e9d3481b3000000058b14398fa542e694ce5b9a37299b147f5c9640e33f4c6603b7a2131c79c23d22301870794d266ea52b5194ebdb1326a40000000db1dec8a79db34f89846c015fb6a37f4116cb15c48ccd9dcecbd8dfc16a3a1209207be1a9e53e1b37870cdf04c693ff9a41f100d5197d42d7326e4680c6941b9

PS > $secpass | ConvertFrom-SecureString | Out-File ".\MyPassword.txt"

Driving Cisco ACI using PowerShell

One thing I have been working on for a long time is to create a set of PowerShell modules for Cisco ACI.

For those that don’t know ACI is Cisco’s Next Generation DataCentre switching fabric. Kind of the next step after Nexus in NX-OS mode. It uses modern tecnniques such as hardware controllers (APIC’s – C220 servers) along with Nexus 9500 and Nexus 93xxx switches to form a leaf-spine deployment.

Whilst ACI has a GUI, MO and NX-OS like CLI (not perfect at all !) along with Python and even Ansible, these quickly run out of steam. Whilst Python is a great language it still takes some learning. Its also not so intuative when passing results between methods.

I realised there is nothing for ACI to utilise PowerShell in a similar way that VMware’s NSX has the most excellent PowerNSX

Hence, my first cut of ACI-PoSH published to GitHub. There is a ton of work to do on this – documentation being a biggie – but it works.

Development Process

I am quite lucky to have been involved in some large scale ACI deploments however when offline from these I have two enviroments that I use.

  • The Cisco DevNet ACI Sandbox availible at https://developer.cisco.com/site/sandbox/ This is a site that contains working examples of most Cisco products, one being the ACI Simulator (Always on) which in an Internet connected APIC. No charge but you do need to register or login. Just the job for testing, learning and development.
  • The Cisco ACI Simulator (see here) You need a valid CCO account and ACI software support to download. It will run in most Hypervisors (I use VMware Workstation and ESXi) but need at least 80GB HDD, 8 cores and 16GB RAM availble. You will also need your friendly Cisco Account Manager to authorise the activation code

Ill be adding more info here in later posts about just how to use it.

© 2024 Kevsters Blog

Theme by Anders NorĂ©nUp ↑