Information

This article was written for a presentation of the French PowerShell User Group.

This presentation can be seen on YouTube on the FRPSUG channel.

Initial Request

From my beginnings with PowerShell, I quickly asked myself the question of managing credentials in my scripts.

From the simple need, perhaps managed in a basic way, to the use of credentials in automated scripts, I have long sought the best way to do it.

Processing the request

1. Get-Credential

The easiest way to use credentials is to use the basic command:

$cred = Get-Credential -Message "Message displayed in the popup" -UserName MyUser

The result is as follows:

PS > $cred

UserName                           Password
--------                           --------
MyUser                             System.Security.SecureString


This $cred variable can be used, for example, in the following command:

Enter-PSSession -ComputerName MyComputerName -Credential $cred


2. ConvertFrom-SecureString : Disk storage

Another solution, a little more advanced, is to store the password in a file on the PC. Naturally, this storage must be done in a secure manner. As before, you must first create the $Cred object:

$cred = Get-Credential -Message "Message displayed in the popup" -UserName MyUser

In a second step, we store the encrypted password on the hard drive:

$Cred.Password | ConvertFrom-SecureString | Out-File C:\temp\password.txt

In the file c:\temp\password.txt, the password is stored in this form:

01000000d08c9ddf0115d1118c7a00c04fc297eb0100000057670149ac674a41ad9d185a8a82724b0000000002000000000010660000000100002000000093aaaf1ed598a69bbfb4cc77e81dfeb2786f26db6184538833af18054ef1a8a3000000000e800000000200002000000098c97f4f344d0159f337966d55060ad3297cae7515938457a713ddd9eaac5cdf200000003d986891fb27cb3983f798082083ac734d97d6235a186d3cc43db26f63bd44684000000018620d4739c0a26a6261e8c9867e94605cd35c61090c982999d5bb09fb54ec7d9a3499ebeb304c67720edfa37a34fe7fd4bce8fd8468dbee5081f56c81f4ce46

To be able to use this securely stored password, it must first be decrypted. To do this, we proceed as follows:

$Username = "MyUser"
$SecurePassword = Get-Content c:\temp\password.txt | ConvertTo-SecureString
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword

PS > $cred

UserName                           Password
--------                           --------
MyUser                             System.Security.SecureString

As in point 1, we end up with a $Cred variable that can be used in the command:

Enter-PSSession -ComputerName MyComputerName -Credential $cred

3. Export-Clixml : Disk storage

The advantage of this method is that it leverages the versatility of PowerShell to ensure that the data is not only exported, but also stored securely using secure strings. Note that credentials created this way can only be opened by the same user on the same system. To create the export file, proceed as follows:

Get-Credential -Message "user password ?" -UserName MonUtilisateur | Export-Clixml -Path "c:\temp\user.xml"

The file c:\temp\user.xml contains the following information:

<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04">
  <Obj RefId="0">
    <TN RefId="0">
      <T>System.Management.Automation.PSCredential</T>
      <T>System.Object</T>
    </TN>
    <ToString>System.Management.Automation.PSCredential</ToString>
    <Props>
      <S N="UserName">MyUser</S>
      <SS N="Password">01000000d08c9ddf0115d1118c7a00c04fc297eb0100000057670149ac674a41ad9d185a8a82724b00000000020000000000106600000001000020000000dadd8864c9b930a2eb07a6745ac4fb5711912c318c401f7e35bb91d4d1cc180b000000000e8000000002000020000000b5a862ba266c236357445b773ca38d73ed124cf82d863ac4c11e2b48d57fca4b2000000054180930ba9fd53a6c4bdd9d7f69c044c88072b0d411486bccc1ca3cca417bf440000000d6197eafe8a133235bd1b44e376c3ff02e94da9f39b7d24b9a68ef5dbd629e44180ce15c3e67830d758fa1296f60a98cb2371ef915990c921e728f44c72c4cbd</SS>
    </Props>
  </Obj>
</Objs>

To retrieve the information, use the command:

$Cred = Import-Clixml -Path "c:\temp\user.xml"


Again, we get our $Cred variable:

PS > $cred
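
The restriction noted in point 3 (same user, same system) comes from Windows DPAPI, which protects the exported secure string. As an added example, not code from the original article, the wrapper below also restricts the file's ACL to the current user and reports a clear error when the file is loaded under another account or on another machine. The function names Save-LocalCredential and Get-LocalCredential and the sample path are assumptions made for illustration.

```powershell
# Added example. Save-LocalCredential / Get-LocalCredential are hypothetical helper names.
# Windows only: Export-Clixml protects the SecureString with DPAPI for the current user.

function Save-LocalCredential {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $Path
    )
    $Credential | Export-Clixml -Path $Path

    # Defense in depth: stop inheriting ACEs from the folder and
    # grant access to the current user only.
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl  = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)   # protected, do not keep inherited rules
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-LocalCredential {
    param([Parameter(Mandatory)] [string] $Path)

    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        throw "Credential file not found: $Path"
    }
    try {
        $cred = Import-Clixml -Path $Path -ErrorAction Stop
    }
    catch {
        # Typically raised when the file was created by another account or on another machine.
        throw ("Cannot decrypt '$Path' as $env:USERNAME on $env:COMPUTERNAME. " +
               "Re-create the file under the account that runs this script. " +
               "Original error: $($_.Exception.Message)")
    }
    if ($cred -isnot [pscredential]) {
        throw "'$Path' does not contain a PSCredential object."
    }
    $cred
}

# Usage (constructed path and user name):
# Save-LocalCredential -Credential (Get-Credential -UserName MyUser -Message 'Password?') -Path 'C:\temp\user.xml'
# $cred = Get-LocalCredential -Path 'C:\temp\user.xml'
# Enter-PSSession -ComputerName MyComputerName -Credential $cred
```

For a scheduled task, run Save-LocalCredential once under the task's own service account, since a file created interactively by another user cannot be decrypted by that account.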