Web Deployment Tool Now Works With Credential Store

The Web Deployment Tool will be releasing a brand new feature in the newest version 1.1.  This new feature will allow users to store their passwords in Window’s credential store on command-line using Web Deploy and / or access credential stored password information via command-line.  This is very useful if you do not want to expose your password on command-line and keep it from showing up in any of your log files that may capture command line input.

The way to accomplish this is two new switches ( straight from command-line help ):

getCredentials=<target>

                                Target identifies the credentials (username
                                and password) in the Windows Credential
                                Manager to be used when connecting to
                                remote computer.

storeCredentials=<target>

                                Username and password will be stored in the
                                Windows Credential Manager under the target
                                identifier.

Example of “storeCredentials” is as follows:

msdeploy.exe –verb:dump –source:iisapp=”Default Web Site/”,computername=MachineName,username=User,password=Password,storeCredentials=UserCredential

Now to get the above credential back using the “getCredentials”.

msdeploy.exe –verb:dump –source:iisapp=”Default Web Site/”,computername=MachineName,getCredentials=UserCredential

In the above examples there is a few things to take note of starting with the “storeCredential” switch.

> Regardless of the output, the target credential will be stored if Web Deploy can interpret the command successfully.

> “storeCredential” is very useful in XP environments as there is no UI for credential store in XP.

> You can view credentials you store in non-XP operating systems in a UI like this one, ( 2008 example ) by navigating “User Accounts > Manage your network passwords”

Some notes about “getCredentials”:

> You can only do a “getCredentials” on credentials that your user account stored, so if any user stores credentials in the credential store, you will not be able to use this target under a different user who did not store the credentials.  And actually, Web Deploy will give no indication whether or not the target existed in the store.

          > A downside to this is you will have to perform a storeCredentials on any targets you use when you switch to other user accounts.