Obfuscating password in batch script
Solution 1
You could also hide the password in an alternate data stream:
First, add the somewhat secret password to an alternate data stream of your script:
echo somewhatsecretpassword>script.bat:pwd
Here's how to retrieve the password into the variable %p%
:
for /f "usebackq delims=" %i in (script.bat:pwd) do set p=%i
From within the batch file itself you may use something like:
for /f "usebackq delims=" %%i in (%~0:pwd) do set p=%%i
This is not secure!
Please consider:
- This is not secure!
- Alternate data streams do not get copied everywhere (FAT)
- Passwords containing special characters may need to be escaped in order to get written correctly to the stream
- ... it is not secure
Solution 2
Another option might be to obfuscate a "password", which is not secure at all but might be sufficent in certain situations
:main
set a=pas
set b=rd
set /p input=
if %input%==%a%swo%b% goto start
:start
<your code here>
goto main
the password is "password", but it's a bit obfuscated.
tnw
Updated on June 14, 2022Comments
-
tnw almost 2 years
I have a batch script with a password sitting in it as part of a command that requires credentials that I do not want to prompt for credentials. I am not worried about external threats, but I don't really want a co-worker going in there and seeing that password. While I trust them not to abuse it, I'd rather not have it there at all.
I was able to do this pretty easily with PowerShell by just storing a secure string in a text file. Pretty basic, but at least there's no plain text passwords laying around. That's all I really need.
How can I obfuscate a password in a batch script?
-
LS_ᴅᴇᴠ over 10 yearsI would recommend using command-line immediately in
FOR
to avoid storing password in environment variables. -
Charemer about 6 yearsnitpicky grammar: 'You could also hide the password in a[n] alternate data stream'. the 'an' form is always used when the following word begins with a vowel sound (compare 'a engine' with 'an engine'). Solution is just what I was looking for though - just enough to prevent the superficially curious and for the secret to be lost if the file is copied away.
-
Justin German about 6 years@Charemer I just corrected it, I did get it right on the second line....