Simple PowerShell module to store passwords.

If you have PowerShell scripts with hard-coded passwords, you risk someone accidentally exposing those passwords along with the script. I wrote a simple password vault module to keep passwords outside the scripts. It stores them as files, so you will need a secure share or folder to store them. I also have a Python version that does encryption and password storage; maybe I will post that at some later date.

Save this code as a .PSM1 file in the modules folder or wherever you like. You’ll need to change the paths in this code. Usage information and testing results are included in the code as well.

<#
.Synopsis
  PS-Vault.psm1: Simple password vault for PowerShell scripts.
  Charles Nichols, Sept. 10, 2019
 
.Description
  Get, Set, and Delete passwords securely within PowerShell.
 
.Parameter Account
  The account associated with the password. Also used to load the correct password.
 
.Parameter Password
  The password.
 
.Example
  # Retrieve a PSCredential Object.
  Import-Module "E:\MyScripts\PW-Vault.psm1"
  $auth = Get-Creds -Account "MyAccount"
 
.Example
  # Add a PSCredential Object.
  Import-Module "E:\MyScripts\PW-Vault.psm1"
  $auth = Set-Creds -Account "MyAccount" -Password "MyPassword"
 
.Example
  # Delete a PSCredential Object.
  Import-Module "E:\MyScripts\PW-Vault.psm1"
  $auth = Remove-Creds -Account "MyAccount"
 
.Example
  # Retrieve a password as string.
  Remove-Creds -Account $SecuredString
 
  $auth = Get-Creds -Account "MyAccount"
  Get-Password -SecurePassword $auth.Password
#>
 
# Folder that holds one "<Account>.xml" file per stored credential. Point this at your own
# secure location and keep the trailing backslash: the file name is appended to it directly.
$SafeStore = 'e:\secret\'
 
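Function Get-Creds {
    <#
    .Synopsis
      Load the stored credential object for an account.

    .Description
      Reads "$SafeStore<Account>.xml" with Import-CliXml and writes the result to the pipeline.
      On Windows, Export-CliXml protects the password of a PSCredential with DPAPI, so the file
      can only be turned back into a usable credential by the same user on the same computer
      that wrote it. On non-Windows PowerShell the exported password is not encrypted.
      The file content is trusted as-is: whoever can write to $SafeStore controls what this
      function returns, so restrict write access to that folder.

    .Parameter Account
      Name of the stored account; it is used as the file name and must be a valid file name.
    #>
    Param(
        [parameter(Mandatory=$true)]
        [String]$Account
    )

    # Keep the lookup inside $SafeStore: a name with path separators (or other characters that
    # are invalid in a file name) would otherwise address a file outside the store.
    If ($Account.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0) {
        Throw "Account name '$Account' contains characters that are not valid in a file name."
    }

    $Store = "$SafeStore$($Account).xml"
    # -LiteralPath: characters such as [ and ] in the account name must not be read as wildcards.
    Import-CliXml -LiteralPath $Store
}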
 
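Function Set-Creds {
    <#
    .Synopsis
      Store a password for an account as a PSCredential file.

    .Description
      Builds a PSCredential from Account and Password and writes it to "$SafeStore<Account>.xml"
      with Export-CliXml, creating $SafeStore first when it does not exist. Nothing is written
      to the pipeline.
      On Windows, Export-CliXml protects the password with DPAPI: only the same user on the same
      computer can read it back. On non-Windows PowerShell the password is not encrypted in the
      file, so file permissions are the only protection there.
      A directory created here gets no explicit ACL from this function; set the permissions on
      $SafeStore yourself.

    .Parameter Account
      Account name; stored as the credential's user name and used as the file name, so it must
      be a valid file name.

    .Parameter Password
      The password in plain text. A plain-text argument can end up in command history and
      transcripts; the commented-out Get-Credential line below is the interactive alternative.
    #>
    Param(
        [parameter(Mandatory=$true)]
        [String]$Account,
        [parameter(Mandatory=$true)]
        [String]$Password
    )

    # Validate before touching the disk: a name with path separators (or other characters that
    # are invalid in a file name) would otherwise write the credential outside the store.
    If ($Account.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0) {
        Throw "Account name '$Account' contains characters that are not valid in a file name."
    }

    If (-not (Test-Path -LiteralPath $SafeStore)) {
        # New-Item emits the new directory object; discard it so it does not become the
        # function's output (e.g. in `$auth = Set-Creds ...`).
        New-Item -ItemType directory -Path $SafeStore | Out-Null
    }

    $secPass = ConvertTo-SecureString $Password -AsPlainText -Force
    $Cred = New-Object System.Management.Automation.PSCredential ($Account, $secPass)
    $Store = "$SafeStore$($Account).xml"

    # -LiteralPath: characters such as [ and ] in the account name must not be read as wildcards.
    $Cred | Export-CliXml -LiteralPath $Store
    # Get-Credential | Export-CliXml -Path $Store # Remove password param and set with auth dialog window instead.
}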
 
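Function Remove-Creds {
    <#
    .Synopsis
      Delete the stored credential file for an account.

    .Description
      Removes "$SafeStore<Account>.xml" with Remove-Item. Exactly one file is addressed: the
      account name is validated as a file name and passed as a literal path, so it can neither
      leave $SafeStore nor match several files through wildcard characters.

    .Parameter Account
      Name of the stored account; it is used as the file name and must be a valid file name.
    #>
    Param(
        [parameter(Mandatory=$true)]
        [String]$Account
    )

    # Reject path separators and other characters that are invalid in a file name, so the
    # deletion cannot be pointed at a file outside the store.
    If ($Account.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0) {
        Throw "Account name '$Account' contains characters that are not valid in a file name."
    }

    $Store = "$SafeStore$($Account).xml"
    # -LiteralPath: with -Path, wildcard characters in the name could delete more than one file.
    Remove-Item -LiteralPath $Store
}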
 
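Function Get-Password {
    <#
    .Synopsis
      Convert a SecureString to a plain-text string.

    .Description
      Copies the SecureString into an unmanaged BSTR, reads it back as a .NET string and then
      zeroes and frees the BSTR. The returned string is ordinary managed memory that cannot be
      wiped, so call this only where an API really needs plain text; otherwise pass the
      PSCredential or SecureString on unchanged.

    .Parameter SecurePassword
      The SecureString to decode, e.g. the Password property of a PSCredential.
    #>
    Param(
        [parameter(Mandatory=$true)]
        [SecureString]$SecurePassword
    )
    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
    Try {
        # PtrToStringBSTR reads the BSTR as UTF-16 on every platform; PtrToStringAuto does not
        # on non-Windows PowerShell and returns a truncated value there.
        [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($BSTR)
    }
    Finally {
        # Without this the plain-text copy stays allocated in unmanaged memory.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
    }
}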
 
# Public surface of the module: the four vault functions. $SafeStore is not exported.
Export-ModuleMember -Function Get-Creds, Set-Creds, Remove-Creds, Get-Password
 
<# Testing ...
 
PS C:\Users\mohawke> Import-Module "e:\pwrshell\mods\PS-Vault.psm1"
 
PS C:\Users\mohawke> Set-Creds -Account "mohawke" -Password "P@ssw0rd"
 
PS C:\Users\mohawke> $Auth = Get-Creds -Account "mohawke"
 
PS C:\Users\mohawke> $Auth.GetType()
 
IsPublic IsSerial Name                                     BaseType                                                                                                                                                                                              
-------- -------- ----                                     --------                                                                                                                                                                                              
True     True     PSCredential                             System.Object                                                                                                                                                                                         
 
 
 
PS C:\Users\mohawke> $Auth.UserName
mohawke
 
PS C:\Users\mohawke> Get-Password -SecurePassword $Auth.Password
P@ssw0rd
 
PS C:\Users\mohawke> Remove-Creds -Account "mohawke"
 
#>