Storing PowerShell Credentials in the local user registry


From time to time, it may be necessary to save credentials for automating some portion of a script or function. Here is a method to save and retrieve those credentials as a secure string from the current user's registry hive as opposed to saving them in plain text or as a secure string in a file.  Copy/paste the following into a .ps1 (or download the attached script) and run as the user account under which you want to store registry credentials.

The final output of the script will be the code snippet to insert into your own script to call the specific credential you stored.  Be sure to store and retrieve the credentials under the user context your script will be running!

I've screencapped what it looks like when you run it (minus the Get-Credential prompt, since I wanted you to be able to see everything that happens afterwards).  Copy/paste the script or download the full one at the bottom of the post.

<#
Write-Credentials into HKCU Hive
comments / questions to aaron.guilmette@microsoft.com
#>

$OrgName = Read-Host "Enter Organization or Application Name"
Write-Host -ForegroundColor Green Storing $OrgName as $OrgName.Replace(" ","")
$OrgName = $OrgName.Replace(" ","")
If (!(Test-Path "HKCU:\Software\$OrgName\Credentials"))
    {
    Try
        {
        Write-Host -ForegroundColor Red "Credentials Path Not Found."
        # -ErrorAction Stop turns a failed New-Item into a terminating error so the Catch block runs
        New-Item -Path "HKCU:\Software\$OrgName" -Name "Credentials" -Force -ErrorAction Stop
        }
    Catch [System.Exception]
        {
        Write-Host -Foreground Red "Unable to create path."
        }
    Finally
        {
        }
    }

$secureCredential = Get-Credential -Message "Enter service account credential in DOMAIN\Username or Username@Domain.com format."
$credentialName = Read-Host "Enter a name for this credential"
# With no -Key, ConvertFrom-SecureString encrypts the password with DPAPI for the current user
$securePasswordString = $secureCredential.Password | ConvertFrom-SecureString
$userNameString = $secureCredential.Username

Write-Host -ForegroundColor Green "Storing credential '$usernameString' under HKCU:\Software\$OrgName\Credentials\$credentialName."

New-Item -Path HKCU:\Software\$OrgName\Credentials\$credentialName
New-ItemProperty -Path HKCU:\Software\$OrgName\Credentials\$credentialName -PropertyType String -Name UserName -Value $userNameString
New-ItemProperty -Path HKCU:\Software\$OrgName\Credentials\$credentialName -PropertyType String -Name Password -Value $securePasswordString

# Print the snippet to paste into the script that will consume the credential
Write-Host "To retrieve this credential, you must be logged in as the current user and copy/paste this"
Write-Host "into the credential area of your PowerShell script, referencing your credential as" '$credential'":"
Write-Host `n
# (Get-ItemProperty ...).<Name> yields the stored value rather than the whole property object
Write-Host -ForegroundColor Cyan " " '$secureCredUserName' "= (Get-ItemProperty -Path HKCU:\Software\$OrgName\Credentials\$credentialName -Name UserName).UserName"
Write-Host -ForegroundColor Cyan " " '$secureCredPassword' "= (Get-ItemProperty -Path HKCU:\Software\$OrgName\Credentials\$credentialName -Name Password).Password"
Write-Host -ForegroundColor Cyan `n
Write-Host -ForegroundColor Cyan " " '$securePassword' "= ConvertTo-SecureString" '$secureCredPassword'
Write-Host -ForegroundColor Cyan " " '$credential' "= New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList" '$secureCredUserName,$securePassword'

RegistryCredential.ps1
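
The reminder above about storing and retrieving under the same user context matters because the stored password is tied to the account that saved it. The following is an added example, not part of the original script: a retrieval function that checks the stored entry and reports a context mismatch clearly. The function name Get-RegistryCredential and the 'Contoso' / 'SvcBackup' values are hypothetical.

```powershell
# Added example (not from the original post). Get-RegistryCredential and the
# sample values in the usage comment are hypothetical names.
function Get-RegistryCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $OrgName,
        [Parameter(Mandatory)] [string] $CredentialName
    )

    $path = "HKCU:\Software\$OrgName\Credentials\$CredentialName"

    # HKCU is per user: a key written by another account is simply not there.
    if (-not (Test-Path -LiteralPath $path)) {
        throw "No stored credential at $path for user $env:USERNAME."
    }

    $item = Get-ItemProperty -LiteralPath $path
    if (-not $item.UserName -or -not $item.Password) {
        throw "Credential at $path is missing the UserName or Password value."
    }

    try {
        # Without -Key, ConvertTo-SecureString decrypts with DPAPI, which
        # normally succeeds only for the same user on the same computer
        # that ran ConvertFrom-SecureString.
        $secure = ConvertTo-SecureString -String $item.Password -ErrorAction Stop
    }
    catch {
        throw ("Stored password could not be decrypted as " +
               "$env:USERDOMAIN\$env:USERNAME on $env:COMPUTERNAME. " +
               "Store the credential again while running in this context.")
    }

    # Pass the plain user name string and the SecureString, in that order.
    New-Object -TypeName System.Management.Automation.PSCredential `
               -ArgumentList $item.UserName, $secure
}

# Usage (run as the account that stored the credential):
# $credential = Get-RegistryCredential -OrgName 'Contoso' -CredentialName 'SvcBackup'
```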

Comments (4)

  1. anonymouscommenter says:

    Recent Releases and Announcements

    SQL Server 2016 CTP 3 Preview

    https://www.microsoft.com

  2. CoolStuff says:

    Slight typo in the last part,
    Write-Host -ForegroundColor Cyan " " '$securePassword' "= ConvertTo-SecureString" '$secureCredPassword'
    should read
    Write-Host -ForegroundColor Cyan " " '$securePassword' "= ConvertTo-SecureString" '$secureCredPassword'".Password"
    Tested on Win10

    1. CoolStuff says:

      Actually, there is more than one error here. I ended up creating read and write functions. Note that in the read function I have had to specify not just the key but the item in the reg key, i.e. .Username or .Password; otherwise you end up sending the entire regkey contents to New-Object, which causes it to complain about not having an overload function; which is right, it expects: String, SecureString; not array, array.
      Function Read-Credentials() {
          param(
              [Parameter(Mandatory=$true, Position=0)] [string]$CredentialName
          )
          # Build the full key path in one string
          $CredentialPath = "HKCU:\Software\Agility\Credentials\$CredentialName"
          # Select the named value, not the whole property object
          $secureCredUserName = (Get-ItemProperty -Path $CredentialPath -Name UserName).Username
          $secureCredPassword = (Get-ItemProperty -Path $CredentialPath -Name Password).Password

          $securePassword = ConvertTo-SecureString $secureCredPassword -force
          $credential = New-Object System.Management.Automation.PSCredential ($secureCredUserName, $securePassword)
          return $credential
      }

      Function Write-Credentials() {

          $OrgName = "Agility"
          Write-Host -ForegroundColor Green Storing $OrgName as $OrgName.Replace(" ","")
          $OrgName = $OrgName.Replace(" ","")
          If (!(Test-Path "HKCU:\Software\$OrgName\Credentials"))
          {
              Try
              {
                  Write-Host -ForegroundColor Red "Credentials Path Not Found."
                  # -ErrorAction Stop makes a failed New-Item reach the Catch block
                  New-Item -Path "HKCU:\Software\$OrgName" -Name "Credentials" -Force -ErrorAction Stop
              }
              Catch [System.Exception]
              {
                  Write-Host -Foreground Red "Unable to create path."
              }
              Finally
              {
              }
          }

          $secureCredential = Get-Credential -Message "Enter service account credential in DOMAIN\Username or Username@Domain.com format."
          $credentialName = Read-Host "Enter a name for this credential"
          $securePasswordString = $secureCredential.Password | ConvertFrom-SecureString
          $userNameString = $secureCredential.Username

          Write-Host -ForegroundColor Green "Storing credential '$usernameString' under HKCU:\Software\$OrgName\Credentials\$credentialName."

          New-Item -Path HKCU:\Software\$OrgName\Credentials\$credentialName
          New-ItemProperty -Path HKCU:\Software\$OrgName\Credentials\$credentialName -PropertyType String -Name UserName -Value $userNameString
          New-ItemProperty -Path HKCU:\Software\$OrgName\Credentials\$credentialName -PropertyType String -Name Password -Value $securePasswordString
      }
