Powershell Tip – Storing and Using Password Credentials


So I’ve been doing quite a bit of Powershell scripting lately, and this little tid-bit came in very handy, so I thought I’d share it with you all.

In Powershell you can use the Get-Credential cmdlet to get alternate logon credentials when you need to perform a task from the shell.  But the Get-Credential cmdlet won’t accept a hardcoded password in a script.  So, how do you write a script that needs to run without user intervention and needs to use credentials other than those of the account used to run it?

Well, here is the answer.

First, we need to get our password, then pump it into a file.  Doing this encodes the password and stores it in our output file so no-one can read it.

PS C:\> read-host -assecurestring | convertfrom-securestring | out-file C:\cred.txt

Once we have our password safely stored away, we can draw it back into our scripts..

PS C:\> $password = get-content C:\cred.txt | convertto-securestring

Then finally, we can create our credential object, which we pump into other cmdlets.

PS C:\> $credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "myusername",$pass

There you have it, storing a password in an external file, then accessing it from your scripts.  It’s a snap.  Open-mouthed

Technorati Tags:

Share this post :

Locations of visitors to this page


Comments (12)

  1. Anonymous says:

    Hi Rob….

    Exactly what I was looking for and in a really clear and concise manor. Massive thank you you've saved me a hefty headache!!!

    Cheers

  2. Anonymous says:

    I'm no fan of saving credentials, and it generally violates my customers' security requirements but I ran into a situation where I couldn't do without it.  I'm surprised it has taken this long for me to really need it.

  3. Anonymous says:

    Expanding on Mike Crowley’s Comment,

    ConvertTo-SecureString returns a SecureString, which is weak, trivially reversible encryption as Mike pointed out.
    (http://social.technet.microsoft.com/wiki/contents/articles/4546.working-with-passwords-secure-strings-and-credentials-in-windows-powershell.aspx)

    On the other hand,
    ConvertFrom-SecureString returns a AES or DPAPI Encrypted string, which is assumed not to be decryptable without having the user key.
    (http://technet.microsoft.com/en-us/library/hh849814.aspx)

  4. Anonymous says:

    Pingback from cisco ucs backup script.ps1 – PowerSloth

  5. Anonymous says:

    Pingback from parameters – Hardcode run-as encrypted certification in Powershell | Zap Video

  6. Anonymous says:

    Pingback from Office 365 Migration–Notes from a newbie. Or Killer Mistakes I made. | Title (Required)

  7. Anonymous says:

    Pingback from Office 365 Migration–Notes from a newbie. Or Killer Mistakes I made. | Title (Required)

  8. Anonymous says:

    Pingback from Office 365 Migration–Notes from a newbie. Or Killer Mistakes I made. | Title (Required)

  9. Jannis.F says:

    Hi,
    is it possible to use this "save credentials" to access O365?
    I want my script to look something like this so It can be automated.

    1) read-host -assecurestring | convertfrom-securestring | out-file C:cred.txt

    2) $password = get-content C:cred.txt | convertto-securestring

    3) $credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "myusername",$pass

    4) $UserCredential = Get-Credential (WANT TO SKIP THIS STEP)

    5) $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri
    https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

    6) Import-PSSession $Session

    7) Set-Mailbox "From" -ForwardingAddress "To@domain.com" -DeliverToMailboxAndForward $true (to Activate rule)

    8) Set-Mailbox "From" -ForwardingAddress $null (to Deactivate r