Fix plain text that should be secure strings

SamErde · Sep 17, 2024 · 4dfc05e · 4dfc05e
1 parent 63a1a13
commit 4dfc05e
Showing 1 changed file with 25 additions and 28 deletions.
diff --git a/Set DNS Records for No-Email Domains.ps1 b/Set DNS Records for No-Email Domains.ps1
@@ -4,7 +4,7 @@
 
 .DESCRIPTION
     This script will check your Cloudflare account (or the scope that your API token has access to)
-    for zones (domains) that do not contain MX records. For those zones that do not use email, it will 
+    for zones (domains) that do not contain MX records. For those zones that do not use email, it will
     create SPF, DKIM, and DMARC messages indicating that all messages should be rejected for the domain.
 
 .NOTES
@@ -18,7 +18,7 @@
             Check for existence of SPF, DKIM, and DMARC records
             Wrap in functions
             Actually handle pagination in results
-    
+
   Opportunities:
             Add other DNS providers
             Make it a module?
@@ -31,28 +31,26 @@
 # Capture the current path of the script, or use the working directory if run at the console.
 if ($PSScriptRoot) {
     $ScriptPath = $PSScriptRoot
-}
-else {
+} else {
     $ScriptPath = $pwd
 }
 
 # Use if the API token is stored in a text file, which should also be listed in .gitignore.
 $ApiTokenTextFilePath = "$ScriptPath\APIToken.txt"
 # If the text file does not exist, prompt the user to enter their API token.
 if (Test-Path $ApiTokenTextFilePath) {
-    $CloudflareApiToken = Get-Content $ApiTokenTextFilePath | ConvertTo-SecureString -AsPlainText -Force
-}
-else {
-    $CloudflareApiToken = Read-Host -Prompt "Please enter your Cloudflare API token" -MaskInput | ConvertTo-SecureString -AsPlainText -Force
+    $CloudflareApiToken = Get-Content $ApiTokenTextFilePath | ConvertTo-SecureString
+} else {
+    $CloudflareApiToken = Read-Host -Prompt 'Please enter your Cloudflare API token' -AsSecureString
 }
 
 $BaseUri = 'https://api.cloudflare.com/client/v4'
 $Params = @{
-    Uri = "$BaseUri/zones"
-    Authentication = "Bearer"
-    Token = $CloudflareApiToken
+    Uri            = "$BaseUri/zones"
+    Authentication = 'Bearer'
+    Token          = $CloudflareApiToken
 }
-$ZoneCount = (Invoke-RestMethod @Params -SessionVariable "ApiSession").result_info.total_count
+$ZoneCount = (Invoke-RestMethod @Params -SessionVariable 'ApiSession').result_info.total_count
 
 # Outputs =====================================================================
 $LogFilePath = "$ScriptPath\Set DNS Record for No Email.log"
@@ -61,25 +59,25 @@ $MxDomains = [System.Collections.ArrayList]::new()
 
 # SPF record for a domain that does not use email:
 $SpfRecord = @{
-    "type" = "TXT"
-    "name" = "@"
-    "content" = "v=spf1 -all"
+    'type'    = 'TXT'
+    'name'    = '@'
+    'content' = 'v=spf1 -all'
 } | ConvertTo-Json
 # DKIM record for a domain that does not use email:
 $DkimRecord = @{
-    "type" = "TXT"
-    "name" = "*._domainkey"
-    "content" = "v=DKIM1; p="
+    'type'    = 'TXT'
+    'name'    = '*._domainkey'
+    'content' = 'v=DKIM1; p='
 } | ConvertTo-Json
 # DMARC record for a domain that does not use email:
 $DmarcRecord = @{
-    "type" = "TXT"
-    "name" = "_dmarc"
-    "content" = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"
+    'type'    = 'TXT'
+    'name'    = '_dmarc'
+    'content' = 'v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;'
 } | ConvertTo-Json
 
 # Combined DNS records:
-$EmailSecurityRecords = @($SpfRecord,$DkimRecord,$DmarcRecord)
+$EmailSecurityRecords = @($SpfRecord, $DkimRecord, $DmarcRecord)
 #endregion
 #==============================================================================
 
@@ -92,8 +90,7 @@ foreach ($zone in ($zones)) {
     $MxRecords = (Invoke-RestMethod -WebSession $ApiSession -Uri "$BaseUri/zones/$($zone.id)/dns_records?type=MX").result
     if ($MxRecords.Count -gt 0) {
         $MxDomains.Add($zone) | Out-Null
-    }
-    else {
+    } else {
         $NoMxDomains.Add($zone) | Out-Null
     }
 }
@@ -105,11 +102,11 @@ foreach ($Zone in $($NoMxDomains)) {
     # Loop through the three email security records and create each one.
     foreach ($item in $EmailSecurityRecords) {
         $PostParams = @{
-            Uri = "$BaseUri/zones/$($Zone.id)/dns_records/"
-            Body = $item
-            Method = 'Post'
+            Uri            = "$BaseUri/zones/$($Zone.id)/dns_records/"
+            Body           = $item
+            Method         = 'Post'
             Authentication = 'Bearer'
-            Token = $CloudflareApiToken
+            Token          = $CloudflareApiToken
         }
         $PostResults = Invoke-RestMethod @PostParams -ErrorAction SilentlyContinue
         $PostResults.result | Add-Content -Path $LogFilePath