Credential objects contain a username and a password. You can create them using Get-Credential, and then supply this object to any cmdlet that has the -Credential parameter.
However, what do you do if you want your scripts to run without user intervention yet securely? You do not want a credentials dialog to pop up, and you do not want to store the password information inside the script.
Here’s a solution: use the function Export-Credential to save the credential to file:
function Export-Credential
{
    param
    (
        [Parameter(Mandatory=$true)]
        $Path,

        [System.Management.Automation.Credential()]
        [Parameter(Mandatory=$true)]
        $Credential
    )

    # Copy the credential so the Password property can be replaced
    $CredentialCopy = $Credential | Select-Object *
    # Turn the SecureString into an encrypted string that can be written to disk
    $CredentialCopy.Password = $CredentialCopy.Password | ConvertFrom-SecureString
    $CredentialCopy | Export-Clixml $Path
}
This would save a credential for the user tobias to a file:
Note that while you do this, the credentials dialog pops up and securely asks for your password. The resulting file contains XML, and the password is encrypted.
Now, when you need the credential, use Import-Credential to get it back from file:
function Import-Credential
{
    param
    (
        [Parameter(Mandatory=$true)]
        $Path
    )

    $CredentialCopy = Import-Clixml $Path
    # Decrypt the stored string back into a SecureString
    $CredentialCopy.Password = $CredentialCopy.Password | ConvertTo-SecureString
    New-Object System.Management.Automation.PSCredential($CredentialCopy.UserName, $CredentialCopy.Password)
}
The “secret” used for encryption and decryption is your identity, so only you (the user that exported the credential) can import it again. No need to hard-code secrets into your script.
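The following is an added example, not part of the original tip: a check you can run against a saved credential file before a scheduled script depends on it. It confirms the password field is stored encrypted and reports, instead of throwing, when the file cannot be decrypted under the current account. The function name Test-CredentialFile, the sample password and the temp file path are assumptions made for this illustration, and it assumes Windows, where ConvertFrom-SecureString without a key relies on the Data Protection API.

```powershell
# Windows PowerShell; all sample values below are constructed for this demo.
function Test-CredentialFile
{
    param([Parameter(Mandatory=$true)] $Path)

    $stored = Import-Clixml $Path
    $result = [pscustomobject]@{
        UserName       = $stored.UserName
        # An encrypted password is stored as one long hex string
        LooksEncrypted = [bool]($stored.Password -match '^[0-9a-fA-F]+$')
        Decryptable    = $false
        Detail         = ''
    }
    try
    {
        # Same decryption step that Import-Credential performs
        $secure = $stored.Password | ConvertTo-SecureString -ErrorAction Stop
        $null = New-Object System.Management.Automation.PSCredential($stored.UserName, $secure)
        $result.Decryptable = $true
    }
    catch [System.Security.Cryptography.CryptographicException]
    {
        $result.Detail = 'Not decryptable here: exported by another user or on another computer.'
    }
    catch
    {
        # For example, a field that is not an encrypted string at all
        $result.Detail = $_.Exception.Message
    }
    $result
}

# Build a throwaway credential (constructed sample, never a real password)
$path   = Join-Path $env:TEMP 'demo-credential.xml'
$plain  = 'Constructed-Sample-Pw-123'
$secure = ConvertTo-SecureString $plain -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential('tobias', $secure)

# Same three steps as Export-Credential
$copy = $cred | Select-Object *
$copy.Password = $copy.Password | ConvertFrom-SecureString
$copy | Export-Clixml $path

Test-CredentialFile -Path $path
# The clear-text password must not appear anywhere in the file
if (Select-String -Path $path -SimpleMatch $plain -Quiet) { Write-Warning 'Plain-text password found in file' }
Remove-Item $path
```

Run the check under the same account that will run the unattended script, because a file exported under a different account is reported as not decryptable.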