Securing App Secret

%3CLINGO-SUB%20id%3D%22lingo-sub-908616%22%20slang%3D%22en-US%22%3ESecuring%20App%20Secret%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-908616%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F73387%22%20target%3D%22_blank%22%3E%40Raviv%20Tamir%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20blog%20post%26nbsp%3B%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FMicrosoft-Defender-ATP%2FWDATP-API-Hello-World-or-using-a-simple-PowerShell-script-to%2Fba-p%2F326813%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FMicrosoft-Defender-ATP%2FWDATP-API-Hello-World-or-using-a-simple-PowerShell-script-to%2Fba-p%2F326813%3C%2FA%3E%3C%2FFONT%3E%20the%20API%20call%20to%20create%20a%20token%20to%20configure%20a%20connection%20to%20ATP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F137176i0902902CE40D6310%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Get-Token.ps1.png%22%20title%3D%22Get-Token.ps1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20issue%20at%20hand%20is%20that%20the%20line%20%24appSecret%20%3D%20''%20%23%23%23%20Paste%20your%20own%20app%20keys%20here%20is%20all%20in%20clear%20text.%20We%20have%20issues%20with%20that%20in%20a%20script.%20Is%20there%20a%20way%20to%20secure%20that%20information%20so%20when%20someone%20looks%20at%20that%20script%2C%20they%20will%20not%20be%20able%20to%20attain%20all%20of%20the%20information%20needed%20to%20create%20that%20access%20token%3F%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-908616%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAPI%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EATP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDefender%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESEIM%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Shaun Jennings
Contributor

@Raviv Tamir 

 

In the blog post https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/WDATP-API-Hello-World-or-using-a-simpl... the API call to create a token to configure a connection to ATP.

 

Get-Token.ps1.png

 

The issue at hand is that the line $appSecret = '' ### Paste your own app keys here is all in clear text. We have issues with that in a script. Is there a way to secure that information so when someone looks at that script, they will not be able to attain all of the information needed to create that access token?

 
 
Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
32 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies