Hey everyone, I’m trying to figure out how to suppress logging, either entirely or for a particular section of the deployment script (e.g. Post-install). Anyone know how this can be done? My problem is there is a password being passed in the script, which is being logged in cleartext to the target machine and could in theory be obtained by the end user.
Execute-MSI ,Execute-Process and Execute-ProcessAsUser all have a -SecureParameters parameter which hides all parameters passed to the executable from the Toolkit log file.
That said, in newer versions of PSADT, Deploy-Application.ps1 has a new parameter called -DisableLogging which Disables logging to file for the entire script.
Ah, -SecureParameters worked perfectly, thanks!
You should also look at your script to see if its possible to eliminate using the password at all. While the password wont show in log files if you use -SecureParameters the password is still being stored in plain text in your script. If an attacker gains access to the cache folder or your source folders they can easily obtain the password.
That is true but sometimes it a license number.
If it’s a password, then using a password vault is best practice.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.