Secret Variable in Scheduled jobs - PSU 5.5.1

Hi All,

I’m having another weird one here.

I’ve got an automation script that connects to a database and returns data. I’ve created a secret variable and wish to use that. I’m using the following:

$sec = ($Secret:MySecretName).password | Convertfrom-SecureString -AsPlainText

This works great when executing the script manually or through an app. But it throws an error when doing it as a scheduled job?

The error message is:
“Cannot bind argument to parameter ‘SecureString’ because it is null.”

Yet, it returns the data even though it errors out, like it has authenticated somehow..
Trying to peek into the $sec variables shows the secret when running the script manually, but does not work when scheduled…

This is a bit confusing because the scheduled job will show as “error” when in fact it seems to work.

Any ideas what’s going on here?

That’s because scheduled jobs don’t run in user context, so they aren’t authenticated and can’t access the secrets. You need to create an app token for an identity that has admin access to PSU (or at least has access to the secrets you need to reference below), and then add the following to the top of your script (before any lines that attempt to access secrets) being called in your scheduled task:

$AppToken = '<redacted>'
Connect-PSUServer -AppToken $AppToken -ComputerName 'https://<redacted>'

Or, if you prefer not to have your app token and FQDN defined within the script directly, you could create a non-secret (standard) variable in PSU that contains the app token and another that contains the PSU FQDN, and then you could do:

Connect-PSUServer -AppToken $PSUInternalToken -ComputerName $PSUFQDN
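
An added example, not part of the original thread and not PSU's own code: a scheduled script that connects first and then fails closed if the secret still resolves to null, so the job stops with a clear message instead of carrying on after the binding error described in the question. It assumes PowerShell 7 (for -AsPlainText, as in the original line) and the two standard variables named in the answer; ConvertTo-RequiredPlainText is a hypothetical helper.

```powershell
# Added example. $PSUInternalToken and $PSUFQDN are the standard PSU variables
# suggested in the answer; MySecretName is the secret from the question.
$ErrorActionPreference = 'Stop'   # end the job on the first error instead of continuing

function ConvertTo-RequiredPlainText {
    # Hypothetical helper: refuse to continue when a secret did not resolve.
    param(
        [Parameter(Mandatory)] [string] $Name,
        [AllowNull()] $Credential
    )

    if ($null -eq $Credential -or $null -eq $Credential.Password) {
        # Same condition that produced "Cannot bind argument to parameter
        # 'SecureString' because it is null", reported with its likely cause.
        throw "Secret '$Name' resolved to null in this job context. Check the Connect-PSUServer call and the token's access to the secret."
    }

    $Credential.Password | ConvertFrom-SecureString -AsPlainText
}

# Authenticate before any line that touches $Secret:
Connect-PSUServer -AppToken $PSUInternalToken -ComputerName $PSUFQDN

$sec = ConvertTo-RequiredPlainText -Name 'MySecretName' -Credential $Secret:MySecretName
```

The app token grants whatever access its identity has, so a token kept in a standard (non-secret) variable is readable by anyone who can read that variable; scope the identity to only the secrets the job needs.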

That solved my issue. It’s a bit sad that secrets cannot be used in these scenarios, but I can live with the standard variables for now.

Thank you for taking the time to explain what’s going on and for offering solutions. I really appreciate your help!
