Skip to main content
  • EN

I am wondering if anyone has worked with cmdlets that take a SharedKey parameter in VBR PowerShell, and noticed that some do not take SecureString as a parameter. I’ve identified *-VBRAzureBlobAccount but it seems that Amazon and Google are in a similar situation. However, I’ve also compared to VBO cmdlets, and the equivalent VBOAzureBlobAccount does take SecureString for the SharedKey parameter.

By comparison, the *-VBRCredentials cmdlets permit either a clear text string for Password or a PSCredential object (which by the way uses a SecureString for the password). While SecureString has known limitations, it seems a little odd for these *-VBR*Account cmdlets to not use SecureString for the SharedKey. It seems to limit the ability to securely prompt a user running an install script for the key from the cloud storage provider via Read-Host -AsSecureString and have it seamlessly pass to the cmdlets.

Is there a way I’m missing? Or does anyone have a sample for how to securely handle the process as is? Would there be other options if a REST API call was built for handling the creation of the AzureBlobAccount (I don’t have much experience with the VBR REST API but understand the general concepts).

Hello @jreinhardtpa, I am yet to work with the cmdlets. Since you want to securely handle this process. Have you thought about  using the “ConvertTo-SecureString” cmdlets?

Hello @jreinhardtpa, I am yet to work with the cmdlets. Since you want to securely handle this process. Have you thought about  using the “ConvertTo-SecureString” cmdlets?

Was just going to suggest this as it is one of the ways to help with this.  Used it many times myself in PowerShell.

Thank you both for your reply. The problem is that it doesn’t address the underlying issue to use that cmdlet. If one uses ConvertTo-SecureString -String "Test" -AsPlainText -Force, and try to pass the output to the Add-VBRAzureBlobAccount -SharedKey $SecureString, the result is an exception because that cmdlet is expecting only a String type on that parameter. 

Anyone else have any thoughts on this?

Thank you both for your reply. The problem is that it doesn’t address the underlying issue to use that cmdlet. If one uses ConvertTo-SecureString -String "Test" -AsPlainText -Force, and try to pass the output to the Add-VBRAzureBlobAccount -SharedKey $SecureString, the result is an exception because that cmdlet is expecting only a String type on that parameter. 

Please take a look at this  https://helpcenter.veeam.com/docs/backup/powershell/set-vbrazureblobaccount.html?ver=120

Thank you at this point that sample code doesn’t work, so I’ve marked this post as solved for now. Thanks for your replies all but feel free to continue discussion.

Comment


Terms & Conditions