PowerShell Secure Strings

Clearly the preference would be to let a script run as the logged on user, or to prompt for a password other than storing it, but sometimes the need doesn’t give you those options.  PowerShell provides a way to do this other than storing the password in clear text.  This TechNet article has all the details.  I’m storing the key bits for me here for quick reference later.

First, you need to get your password into a SecureString:

$PlainPassword = "P@ssw0rd"
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force

Then convert to a encrypted format.  This can only be used as the same user on the same machine, so you’ll have to set it up as the unattended user for it to work.

$SecureStringAsPlainText = $SecurePassword | ConvertFrom-SecureString

Then you grab that encrypted plaintext and use it in your script.

$UserName = 'user'
$SecureStringAsPlainText = 'SSPT'
$SecureString = $SecureStringAsPlainText  | ConvertTo-SecureString
$cred = New-Object System.Management.Automation.PSCredential ($UserName, $SecureString)

If you want to test this, and see why this is a potentially risky thing to do, run this to see your password spit back out in the clear.

$cred.GetNetworkCredential().Password
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s