PowerShell Saving SecureCredentials and Converting to and from Text


Thought Leadership & Events
I wanted a way to save credentials to a file but I did not want it to be a plain text password.  To solve this challenge, I captured the name & password at the command prompt (or parameter), converted it to a secure string then saved it out to XML.  Then I needed to read in the XML and convert the secured password back to plain text.
I broke this into two different PS1 scripts.

1) Get-PWCreateCredFile.ps1 -> grab username/password from parameter or console; convert password to SecureString; save to XML file

<#
========= Get-PWCreateCredFile.ps1 =======================================
Name: Get-PWFromCredFile.ps1
Purpose: Create XML file with username and Secure Password stored.
Converts Text Version of Secure String to Plain Text
Partner function: Get-PWCreateCredFile.ps1

Description: grab username/password from parameter or console; convert password to SecureString; save to XML file

 Author: Dan Stolts – dstolts&microsoft.com – http://ITProGuru.com
Script Home: http://ITProGuru.com/Scripts
Syntax/Execution:
Copy portion of script you want to use and paste into PowerShell (or ISE)
.OR.
.\Get-PWCreateCredFile.ps1  -Name “FB_AppSecret”  -Password “MyFaceBookPassword”
.\Get-PWCreateCredFile.ps1  “GoogClientSecret”;         #Password will be requested at the console
.\Get-PWCreateCredFile.ps1  -Name “TwitterSecret”;      #Password will be requested at the console

Disclaimer: Use at your own Risk!  See details at http://ITProGuru.com/privacy
Limitations:
* Must Run PowerShell (or ISE)
# Leveraged: https://docs.microsoft.com/en-us/aspnet/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure

 ================================================================================
#>#
param(
[Parameter(Mandatory=$true)]
[String]$Name,
[Parameter(Mandatory=$true)]
[String]$Password)
#$Name, $Password
$credPath = $PSScriptRoot + ‘\’ + $Name + “.credential”
$PWord = ConvertTo-SecureString -String $Password -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Name, $PWord
$Credential | Export-CliXml $credPath

2) Get-PWFromCredFile.ps1  -> Read in XML with SecurePassword; convert; return plain text version of password

<#
========= Get-PWFromCredFile.ps1 =======================================
Name: Get-PWFromCredFile.ps1
Purpose: Open and Read XML file with Secure Password stored.
Converts Text Version of Secure String to Plain Text
# Partner function of Get-PWCreateCredFile.ps1

Author: Dan Stolts – dstolts&microsoft.com – http://ITProGuru.com
Script Home: http://ITProGuru.com/Scripts
Syntax/Execution:
Copy portion of script you want to use and paste into PowerShell (or ISE)
.OR.
$myVar = Get-PWFromCredFile(“.\FB_AppSecret.credential”)
.OR.
Write-host $(Get-PWFromCredFile “.\FB_AppSecret.credential”)
.OR.
# Sample Uses: Read in Cred File to populate app settings array …
$AppSettings = @{
“FB_AppSecret”     = $(Get-PWfromCredFile “.\FB_AppSecret.credential”);
“GoogClientSecret” = $(Get-PWfromCredFile “.\GoogClientSecret.credential”);
“TwitterSecret”    = $(Get-PWfromCredFile “.\TwitterSecret.credential”);
}
$AppSettings
# Push settings up to Azure
Set-AzureWebsite -Name $WebSiteName -AppSettings $AppSettings

Disclaimer: Use at your own Risk!  See details at http://ITProGuru.com/privacy
Limitations:
* Must Run PowerShell (or ISE)
# Leveraged: https://docs.microsoft.com/en-us/aspnet/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure

 ================================================================================
#>#
Function Get-PWfromCredFile { Param( [String]$CredFile )
#Debug $CredFile=”.\FB_AppSecret.credential”
[xml]$CredFileContent = Get-Content -Path $CredFile
#Username=$CredName captured just to show you how
$CredName = $CredFileContent.Objs.Obj.Props.S.’#text’
$CredPassSecTxt = $CredFileContent.Objs.Obj.Props.SS.’#text’
# $CredPassSecTxt This is the String representation of the Secure Password
# Still need to convert it to SecureString
$SecurePassword = ConvertTo-SecureString $CredPassSecTxt
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

<# The following is how you could create a credential out of the inforamtion
$UserName = “Domain\User”
$Credentials = New-Object System.Management.Automation.PSCredential `
-ArgumentList $CredName, $SecurePassword
#>#Create Credential out of information.
Return $UnsecurePassword
}