by lunarg on January 25th 2021, at 09:34

When using credentials in Powershell, you usually use Get-Credential, which essentially creates PSCredential objects. Creating such an object prompts the user to enter a username and password, which is not really usable in unattended scripts. There's a method where you can specify an unencrypted password but this is not secure. Fortunately, there's also a method where you can store the encrypted password in a file and use it to set the password.

Note that the password is stored in the file using a computer-based encryption key. This means that the file would only work on the computer it was generated on. Trying to use it elsewhere would invalidate the password file.

To create a password file, run this from a Powershell window:

Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File path-to-file

You will not get a real prompt: simply type the password will show * in the console. Type the password twice, pressing Enter, and the encrypted password will be saved.

In your scripts, you can then create PSCredential objects, specifying a username and using the contents of the file as a encrypted password:

$MyUser = "domainuser"
$MyPassword = cat path-to-file | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $MyUser, $MyPassword

This creates the PSCredential object $cred which can be used in many cmdlets requiring the use of credentials.

EDIT: added local computer notice