Настройка менеджера учетных лиц windows для работы с power shell security

  • Updated on June 19, 2024

There are PowerShell scripts where you have to authenticate and store passwords in PowerShell. Sometimes, you want to get a credential prompt to fill in the credentials and get the script running. Another time, you want to automate the task and save the password securely in an encrypted format. In this article, you will learn how to securely store credentials with PowerShell.

Table of contents

  • Interactive vs. Non-Interactive
  • Store credentials in PowerShell for user interaction (interactive)
  • Store credentials in PowerShell for automation (non-interactive)
  • Conclusion

Interactive vs. Non-Interactive

  • Interactive method requires user interaction, such as prompting the user to input a username and password. It proceeds further when the necessary information is given.
  • Non-interactive method does not require user input during script execution and typically rely on pre-configured settings, automated processes, or data provided in advance.

Important: Always fill in passwords securely, and never in plain text.

Store credentials in PowerShell for user interaction (interactive)

Method 1. Get-Credential

  1. Run the Get-Credential cmdlet to securely store your credentials in the $Creds variable
$Creds = Get-Credential
  1. A Windows PowerShell credential request appears where you must fill in the credentials
Securely store credentials with PowerShell request
  1. Run the $Creds variable in PowerShell
$Creds
  1. The output shows the username and the password shows as a secure string
UserName Password
-------- --------
myusername System.Security.SecureString

Method 2. PSCredential

  1. Run the below command to securely store your credentials in the $Creds variable
$Creds = [System.Management.Automation.PSCredential]::new((Read-Host -Prompt "Enter username"), (Read-Host -Prompt "Enter password" -AsSecureString))
  1. Enter the username and password
Enter username: myusername
Enter password: ****************
  1. Run the $Creds variable in PowerShell
$Creds
  1. The output shows the username and the password shows as a secure string
UserName Password
-------- --------
myusername System.Security.SecureString

This is excellent when you have a script that you run interactively, and you can input the credentials every time. But what if you are not behind the computer, and you want to automate the script with a scheduled task? Then, you have to use a different method.

:/>  Как изменить чувствительность мыши в Windows 10

Store credentials in PowerShell for automation (non-interactive)

  1. Run the Get-Credential cmdlet to securely store your credentials in the $Creds variable
$Creds = Get-Credential
  1. Enter your credentials
  2. Export the credentials to an encrypted XML file
$Creds | Export-CliXml -Path "C:\creds\credential.xml"
  1. Navigate to the path and verify the XML file
Securely store credentials with PowerShell XML
  1. Open the XML file and check that the password is encrypted
Securely store credentials with PowerShell open XML
$Creds = Import-CliXml -Path "C:\creds\credential.xml"

Conclusion

You learned how to store credentials securely with PowerShell. There are different methods to save credentials in PowerShell. Check if it’s an interactive or a non-interactive script and apply the correct method. Always ensure the passwords are filled in securely and not in clear text.