I had a requirement recently in my adventures with Azure JSON/DSC VM deployment, I needed a way to store source files and software in a repository in a publicly accessible Azure blob storage container. So that post deployment, my VM could use DSC and pull down the source files, decrypt them and work with them.
The only way I could do this is if I safely encrypted the files, so if someone got access to them, I wouldn’t really care, they’d be effectively useless.
Below uses encryption using two strings passwords as well as any certificate’s thumbprint as added security. It means that the certificate you use is a bit relaxed on the type of certificate you use, but as long at the certificate you use is installed on all target machines when the decryption takes place.
The script below uses Rijndael encryption (pronounced rain-dahl), it is the algorithm that has been selected by the U.S. National Institute of Standards and Technology (NIST) as the candidate for the Advanced Encryption Standard (AES). AES is a subset of the Rijndael cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen. AES has been adopted by the U.S. government and is now used worldwide.