Storing Encrypted PowerShell Credentials On Disk

Security is like backups; no one wants to do it and by the time you need it, it’s too late. Brandon knows a thing or two about security stuff and PowerShell. In this video, he somehow manages to use the Get-Credential cmdlet and store that PSCredential object to disk encrypted. Show-off.

Sometimes you need to save powershell credential objects to disk for use later on. This techsnip will show you how to do just that let's get started. To save a credential object, we first need to have one so let's get a credential by using the get credential commandlet. We can take a look at the credential object, and note that the password field is a secure string. If you need to verify the password inside the credential. You can use to get network credential method on the object and look at the password property. To save the credential object to disk will use the export CLI. XML Commandlet and give it the path through a file we want to export to. If we inspect exported XML file you can see that it is save. The object as type system management automation. PS credential and that the username is in plain text. But the password has been encrypted internally powershell has used the windows data protection API to securely save the password in encrypted form. To import this XML file and create a new powershell credential from it will use the import CLI XML commandlet. We can expect a new credential and see that the username and password are the same as the original credential. Now it is important to note that only the original user on the original machine can import the XML file and decrypt the save to secure string to recreate the powershell credential. And that is how you can store encrypted PowerShell credentials to disk.