Veeam Backup & Replication and scripting go hand in hand really well. And the first thing you do when running a script is to connect to backup server
Connect-VBRServer -Server $ServerName -User $User -Password $Pass
Placing user and pass in clear text in a script may not be the best option. We could use PSCredential object to hold the username and password.
$PSCredential = Get-Credential Connect-VBRServer -Server $ServerName -Credential $PSCredential
However getting the credentials in the objects implies using Get-Credential cmdlet which is interactive and will prompt to type the user and password. This makes it hard to run the script in non-interactive mode.
To make it non-interactive we need password saved somewhere. To save and encrypted password we can use ConvertFrom-SecureString cmdlet and pipe the output to a file:
(Get-Credential).Password | ConvertFrom-SecureString | Set-Content $encPassFileName
Since the username could be stored in the script itself, we retrieve only the secure string for the password, pipe it to the encrypting cmdlet and then output it to a file. Opening the output file will list something similar to:
Now we need to create the PScredential object:
$password = Get-Content $encPassFileName | ConvertTo-SecureString $psCredential = New-Object System.Management.Automation.PsCredential($username,$password)
First, we loaded the content of the file storing the encrypted password and convert it to a secure string (PScredential objects use secure strings). Next we created the object with the username and the password. The generated object can be used to connect to VBR Server
Connect-VBRServer -Server $ServerName -Credential $PSCredential
By default, ConvertFrom-SecureString encryption is done using Windows Data Protection API (DPAPI). For this reason the file cannot be moved to another computer and used from that one. On each computer from where the script is being run, the password must be encrypted separately.