Dela via


Powershell Tip - Storing and Using Password Credentials

So I've been doing quite a bit of Powershell scripting lately, and this little tid-bit came in very handy, so I thought I'd share it with you all.

In Powershell you can use the Get-Credential cmdlet to get alternate logon credentials when you need to perform a task from the shell.  But the Get-Credential cmdlet won't accept a hardcoded password in a script.  So, how do you write a script that needs to run without user intervention and needs to use credentials other than those of the account used to run it?

Well, here is the answer.

First, we need to get our password, then pump it into a file.  Doing this encodes the password and stores it in our output file so no-one can read it.

PS C:\> read-host -assecurestring | convertfrom-securestring | out-file C:\cred.txt

Once we have our password safely stored away, we can draw it back into our scripts..

PS C:\> $password = get-content C:\cred.txt | convertto-securestring

Then finally, we can create our credential object, which we pump into other cmdlets.

PS C:\> $credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "myusername",$pass

There you have it, storing a password in an external file, then accessing it from your scripts.  It's a snap.  Open-mouthed

Technorati Tags: Powershell

Share this post :

Locations of visitors to this page

Comments

  • Anonymous
    January 01, 2003
    This may be a better approach: http://gallery.technet.microsoft.com/scriptcenter/PowerShell-Credentials-d44c3cde

  • Anonymous
    January 01, 2003
    Hi Rob.... Exactly what I was looking for and in a really clear and concise manor. Massive thank you you've saved me a hefty headache!!! Cheers

  • Anonymous
    January 01, 2003
    PingBack from http://www.keyongtech.com/2836323-how-to-pass-credentials

  • Anonymous
    January 01, 2003
    I'm no fan of saving credentials, and it generally violates my customers' security requirements but I ran into a situation where I couldn't do without it.  I'm surprised it has taken this long for me to really need it.

  • Anonymous
    January 01, 2003
    FYI, this reverses the encoding: http://stackoverflow.com/questions/7468389/powershell-decode-system-security-securestring-to-readable-password

  • Anonymous
    January 01, 2003
    Expanding on Mike Crowley's Comment,

    ConvertTo-SecureString returns a SecureString, which is weak, trivially reversible encryption as Mike pointed out.
    (http://social.technet.microsoft.com/wiki/contents/articles/4546.working-with-passwords-secure-strings-and-credentials-in-windows-powershell.aspx)

    On the other hand,
    ConvertFrom-SecureString returns a AES or DPAPI Encrypted string, which is assumed not to be decryptable without having the user key.
    (http://technet.microsoft.com/en-us/library/hh849814.aspx)

  • Anonymous
    January 06, 2014
    Pingback from cisco ucs backup script.ps1 - PowerSloth

  • Anonymous
    May 27, 2014
    Pingback from parameters - Hardcode run-as encrypted certification in Powershell | Zap Video

  • Anonymous
    June 13, 2014
    Pingback from Office 365 Migration–Notes from a newbie. Or Killer Mistakes I made. | Title (Required)

  • Anonymous
    June 16, 2014
    Pingback from Office 365 Migration–Notes from a newbie. Or Killer Mistakes I made. | Title (Required)

  • Anonymous
    June 18, 2014
    Pingback from Office 365 Migration–Notes from a newbie. Or Killer Mistakes I made. | Title (Required)

  • Anonymous
    October 28, 2015
    Hi,
    is it possible to use this "save credentials" to access O365?
    I want my script to look something like this so It can be automated.

    1) read-host -assecurestring | convertfrom-securestring | out-file C:cred.txt

    2) $password = get-content C:cred.txt | convertto-securestring

    3) $credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "myusername",$pass

    4) $UserCredential = Get-Credential (WANT TO SKIP THIS STEP)

    5) $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

    6) Import-PSSession $Session

    7) Set-Mailbox "From" -ForwardingAddress "To@domain.com" -DeliverToMailboxAndForward $true (to Activate rule)

    8) Set-Mailbox "From" -ForwardingAddress $null (to Deactivate r