Can you send an API secret key if it is encrypted?
Very basic question... Trying to figure this out before I go back to work tomorrow, so unfortunately I do not have access to my Powershell script, but I will post it tomorrow if I don't figure it out.
I have created a text file containing my encrypted API secret key. When I send the GET request with my key hardcoded in the application, it works as expected. However, when I store the encrypted key in a variable and then attempt the GET request using that variable, I get an error saying it cannot authenticate the key. Is this because I have to decrypt it before I send it?
Update:
Still unclear on how to solve this. Concerned about vulnerabilities if I decrypt the key within my script.
$key = new-object -typename System.Management.Automation.PSCredential -
argumentlist $keyFile.username, $keyFile.password
$secret = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password
$tc='[{"data":"pdnsBlah.domaincontrol.com","name":"-
","ttl":9999,"type":"NS"},
{"data":"pdnsBlah.domaincontrol.com","name":"-","ttl":9999,"type":"NS"}]'
# Event log settings
$eventLog = "Application"
$eventSource = "GoDaddyDNSMonitor"
#check to see if event source exists, if not create one
if (![System.Diagnostics.EventLog]::SourceExists($eventSource))
{
New-EventLog -LogName $eventLog -Source $eventSource
}
#Here is where my issue lies########################################
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H
"Authorization: sso-key $key`:$secret"
https://api.godaddy.com/...
If ($tc -ne $newConfig)
{
$Message = "DNS Nameserver @ GoDaddy has changed to " + $newConfig + "
Application Infrastructure On-call needs to be paged. Details are below."
Write-EventLog -LogName $eventLog -Source $eventSource -EventID 20000 -
EntryType Error -Message $Message
echo "false"
}
else {
echo "true"
}
Thanks for your help and patience.
powershell api
add a comment |
Very basic question... Trying to figure this out before I go back to work tomorrow, so unfortunately I do not have access to my Powershell script, but I will post it tomorrow if I don't figure it out.
I have created a text file containing my encrypted API secret key. When I send the GET request with my key hardcoded in the application, it works as expected. However, when I store the encrypted key in a variable and then attempt the GET request using that variable, I get an error saying it cannot authenticate the key. Is this because I have to decrypt it before I send it?
Update:
Still unclear on how to solve this. Concerned about vulnerabilities if I decrypt the key within my script.
$key = new-object -typename System.Management.Automation.PSCredential -
argumentlist $keyFile.username, $keyFile.password
$secret = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password
$tc='[{"data":"pdnsBlah.domaincontrol.com","name":"-
","ttl":9999,"type":"NS"},
{"data":"pdnsBlah.domaincontrol.com","name":"-","ttl":9999,"type":"NS"}]'
# Event log settings
$eventLog = "Application"
$eventSource = "GoDaddyDNSMonitor"
#check to see if event source exists, if not create one
if (![System.Diagnostics.EventLog]::SourceExists($eventSource))
{
New-EventLog -LogName $eventLog -Source $eventSource
}
#Here is where my issue lies########################################
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H
"Authorization: sso-key $key`:$secret"
https://api.godaddy.com/...
If ($tc -ne $newConfig)
{
$Message = "DNS Nameserver @ GoDaddy has changed to " + $newConfig + "
Application Infrastructure On-call needs to be paged. Details are below."
Write-EventLog -LogName $eventLog -Source $eventSource -EventID 20000 -
EntryType Error -Message $Message
echo "false"
}
else {
echo "true"
}
Thanks for your help and patience.
powershell api
Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.
– postanote
Jan 17 at 1:25
Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.
– Appleoddity
Jan 17 at 5:41
Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.
– dillon.harless
Jan 17 at 13:08
add a comment |
Very basic question... Trying to figure this out before I go back to work tomorrow, so unfortunately I do not have access to my Powershell script, but I will post it tomorrow if I don't figure it out.
I have created a text file containing my encrypted API secret key. When I send the GET request with my key hardcoded in the application, it works as expected. However, when I store the encrypted key in a variable and then attempt the GET request using that variable, I get an error saying it cannot authenticate the key. Is this because I have to decrypt it before I send it?
Update:
Still unclear on how to solve this. Concerned about vulnerabilities if I decrypt the key within my script.
$key = new-object -typename System.Management.Automation.PSCredential -
argumentlist $keyFile.username, $keyFile.password
$secret = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password
$tc='[{"data":"pdnsBlah.domaincontrol.com","name":"-
","ttl":9999,"type":"NS"},
{"data":"pdnsBlah.domaincontrol.com","name":"-","ttl":9999,"type":"NS"}]'
# Event log settings
$eventLog = "Application"
$eventSource = "GoDaddyDNSMonitor"
#check to see if event source exists, if not create one
if (![System.Diagnostics.EventLog]::SourceExists($eventSource))
{
New-EventLog -LogName $eventLog -Source $eventSource
}
#Here is where my issue lies########################################
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H
"Authorization: sso-key $key`:$secret"
https://api.godaddy.com/...
If ($tc -ne $newConfig)
{
$Message = "DNS Nameserver @ GoDaddy has changed to " + $newConfig + "
Application Infrastructure On-call needs to be paged. Details are below."
Write-EventLog -LogName $eventLog -Source $eventSource -EventID 20000 -
EntryType Error -Message $Message
echo "false"
}
else {
echo "true"
}
Thanks for your help and patience.
powershell api
Very basic question... Trying to figure this out before I go back to work tomorrow, so unfortunately I do not have access to my Powershell script, but I will post it tomorrow if I don't figure it out.
I have created a text file containing my encrypted API secret key. When I send the GET request with my key hardcoded in the application, it works as expected. However, when I store the encrypted key in a variable and then attempt the GET request using that variable, I get an error saying it cannot authenticate the key. Is this because I have to decrypt it before I send it?
Update:
Still unclear on how to solve this. Concerned about vulnerabilities if I decrypt the key within my script.
$key = new-object -typename System.Management.Automation.PSCredential -
argumentlist $keyFile.username, $keyFile.password
$secret = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password
$tc='[{"data":"pdnsBlah.domaincontrol.com","name":"-
","ttl":9999,"type":"NS"},
{"data":"pdnsBlah.domaincontrol.com","name":"-","ttl":9999,"type":"NS"}]'
# Event log settings
$eventLog = "Application"
$eventSource = "GoDaddyDNSMonitor"
#check to see if event source exists, if not create one
if (![System.Diagnostics.EventLog]::SourceExists($eventSource))
{
New-EventLog -LogName $eventLog -Source $eventSource
}
#Here is where my issue lies########################################
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H
"Authorization: sso-key $key`:$secret"
https://api.godaddy.com/...
If ($tc -ne $newConfig)
{
$Message = "DNS Nameserver @ GoDaddy has changed to " + $newConfig + "
Application Infrastructure On-call needs to be paged. Details are below."
Write-EventLog -LogName $eventLog -Source $eventSource -EventID 20000 -
EntryType Error -Message $Message
echo "false"
}
else {
echo "true"
}
Thanks for your help and patience.
powershell api
powershell api
edited Jan 17 at 14:39
dillon.harless
asked Jan 16 at 23:28
dillon.harlessdillon.harless
83
83
Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.
– postanote
Jan 17 at 1:25
Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.
– Appleoddity
Jan 17 at 5:41
Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.
– dillon.harless
Jan 17 at 13:08
add a comment |
Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.
– postanote
Jan 17 at 1:25
Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.
– Appleoddity
Jan 17 at 5:41
Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.
– dillon.harless
Jan 17 at 13:08
Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.
– postanote
Jan 17 at 1:25
Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.
– postanote
Jan 17 at 1:25
Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.
– Appleoddity
Jan 17 at 5:41
Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.
– Appleoddity
Jan 17 at 5:41
Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.
– dillon.harless
Jan 17 at 13:08
Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.
– dillon.harless
Jan 17 at 13:08
add a comment |
1 Answer
1
active
oldest
votes
Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.
Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/
And here is how I solved it.
$keyObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $keyFile.username, $keyFile.password
$secretObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
sso-key
$($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
...
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395160%2fcan-you-send-an-api-secret-key-if-it-is-encrypted%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.
Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/
And here is how I solved it.
$keyObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $keyFile.username, $keyFile.password
$secretObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
sso-key
$($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
...
add a comment |
Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.
Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/
And here is how I solved it.
$keyObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $keyFile.username, $keyFile.password
$secretObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
sso-key
$($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
...
add a comment |
Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.
Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/
And here is how I solved it.
$keyObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $keyFile.username, $keyFile.password
$secretObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
sso-key
$($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
...
Alright, so I figured out the issue. Many thanks to those who commented and got me past my first hurdle. Definitely couldn't send an encrypted file to the sever and apparently, many servers do not know how to handle PSCredential objects.
Details here: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/26/decrypt-powershell-secure-string-password/
And here is how I solved it.
$keyObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $keyFile.username, $keyFile.password
$secretObject = new-object -typename System.Management.Automation.PSCredential -
argumentlist $secretFile.username, $secretFile.password
$newConfig=C:Usersdi203179DocumentsCurlbincurl.exe -s -X GET -H "Authorization:
sso-key
$($keyObject.GetNetworkCredential().Password):$($secretObject.GetNetworkCredential().Password)" https://api.godaddy.com/...
...
edited Jan 18 at 13:53
answered Jan 17 at 14:38
dillon.harlessdillon.harless
83
83
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395160%2fcan-you-send-an-api-secret-key-if-it-is-encrypted%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Though this is not all up PKI, the same principal applies. Unless the code or destination can decrypt it using the defined key, then nope. Since you encrypted it, there is no way for the destination to decrypt it. This is no different than using a self-signed certificate to encrypt things, without sending the public key to the target in order to decrypt. PKI 101.
– postanote
Jan 17 at 1:25
Please clarify: “When I send the GET request with my key hardcoded...” - do you mean you hardcode the unencrypted key? If yes, then it is quite apparent the API is looking for the unencrypted key.
– Appleoddity
Jan 17 at 5:41
Thanks for your responses! @appleoddity I did in fact mean the unencrypted key was hardcoded. I am about to head to work, and will attempt to solve with both of your comments in mind.
– dillon.harless
Jan 17 at 13:08