Securing App Secret

%3CLINGO-SUB%20id%3D%22lingo-sub-908616%22%20slang%3D%22en-US%22%3ESecuring%20App%20Secret%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-908616%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F73387%22%20target%3D%22_blank%22%3E%40Raviv%20Tamir%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20blog%20post%26nbsp%3B%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FMicrosoft-Defender-ATP%2FWDATP-API-Hello-World-or-using-a-simple-PowerShell-script-to%2Fba-p%2F326813%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FMicrosoft-Defender-ATP%2FWDATP-API-Hello-World-or-using-a-simple-PowerShell-script-to%2Fba-p%2F326813%3C%2FA%3E%3C%2FFONT%3E%20the%20API%20call%20to%20create%20a%20token%20to%20configure%20a%20connection%20to%20ATP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F137176i0902902CE40D6310%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Get-Token.ps1.png%22%20title%3D%22Get-Token.ps1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20issue%20at%20hand%20is%20that%20the%20line%20%24appSecret%20%3D%20''%20%23%23%23%20Paste%20your%20own%20app%20keys%20here%20is%20all%20in%20clear%20text.%20We%20have%20issues%20with%20that%20in%20a%20script.%20Is%20there%20a%20way%20to%20secure%20that%20information%20so%20when%20someone%20looks%20at%20that%20script%2C%20they%20will%20not%20be%20able%20to%20attain%20all%20of%20the%20information%20needed%20to%20create%20that%20access%20token%3F%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-908616%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAPI%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EATP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDefender%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESEIM%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Contributor

@Raviv Tamir 

 

In the blog post https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/WDATP-API-Hello-World-or-using-a-simpl... the API call to create a token to configure a connection to ATP.

 

Get-Token.ps1.png

 

The issue at hand is that the line $appSecret = '' ### Paste your own app keys here is all in clear text. We have issues with that in a script. Is there a way to secure that information so when someone looks at that script, they will not be able to attain all of the information needed to create that access token?