powershell/PSAvoidUsingPlainTextForPassword is a PSScriptAnalyzer diagnostic emitted by tally for PowerShell snippets embedded in Dockerfiles.
Property    Value
Severity    Warning
Category    PSScriptAnalyzer
Auto-fix    No

Description

Parameters that accept a password as plain text expose the password and compromise the security of your system. Passwords should be stored in the SecureString type. The following parameter names are treated as password parameters (matching is not case sensitive):
  • Password
  • Pass
  • Passwords
  • Passphrase
  • Passphrases
  • PasswordParam
If a parameter is defined with a name in the above list, it should be declared with type SecureString.

How

Change the type to SecureString.

Examples

Problematic code

function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [string]
        $Password
    )
    # ...
}

Correct code

function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [SecureString]
        $Password
    )
    # ...
}
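
Added example (not from the original rule documentation): a function that takes its password as SecureString and hands it straight to PSCredential, followed by a call that shows a plain string being rejected at parameter binding. The function name New-ServiceCredential, the user name and the sample password are hypothetical, constructed values.

```powershell
function New-ServiceCredential
{
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCredential])]
    Param
    (
        [Parameter(Mandatory)]
        [string]
        $UserName,

        [Parameter(Mandatory)]
        [SecureString]
        $Password
    )
    # PSCredential accepts the SecureString as-is, so the function
    # never holds the password as a [string].
    [System.Management.Automation.PSCredential]::new($UserName, $Password)
}

# Constructed sample secret, built character by character for the demo.
# In real use the value would come from a prompt or a secret store.
$secure = [System.Security.SecureString]::new()
foreach ($ch in 'constructed-sample'.ToCharArray()) { $secure.AppendChar($ch) }
$secure.MakeReadOnly()

$cred = New-ServiceCredential -UserName 'svc-build' -Password $secure
"Credential for $($cred.UserName); password type: $($cred.Password.GetType().Name)"

# A plain string no longer binds to -Password. Report only the exception
# type, because a conversion error message can quote the rejected value.
try
{
    New-ServiceCredential -UserName 'svc-build' -Password 'constructed-sample' -ErrorAction Stop
}
catch [System.Management.Automation.ParameterBindingException]
{
    "Plain string rejected: $($_.Exception.GetType().Name)"
}
```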

Source

This rule documentation is adapted from Microsoft’s PSScriptAnalyzer documentation for AvoidUsingPlainTextForPassword, licensed under CC BY 4.0.