Simple PowerShell module to store passwords.
If you have PowerShell scripts with passwords hard-coded you don’t want to risk someone accidentally exposing the script with passwords available. I wrote a simple password vault module to keep passwords outside the scripts. It stores them as files so you will need a secure share or folder to store them. I have a Python version that does encryption and password storage also, maybe I will post that at some later date.
Save this code as a .PSM1 in the modules folder or where ever you like. You’ll need to change the paths in this code. Usage information and testing results are in the this code as well.
<#
.Synopsis
PS-Vault.psm1: Simple password vault for PowerShell scripts.
Charles Nichols, Sept. 10, 2019
.Description
Get, Set, and Delete passwords securely within PowerShell.
.Parameter Account
The account associated with the password. Also used to load the correct password.
.Parameter Password
The password.
.Example
# Retrieve a PSCredential Object.
Import-Module "E:\MyScripts\PW-Vault.psm1"
$auth = Get-Creds -Account "MyAccount"
.Example
# Add a PSCredential Object.
Import-Module "E:\MyScripts\PW-Vault.psm1"
$auth = Set-Creds -Account "MyAccount" -Password "MyPassword"
.Example
# Delete a PSCredential Object.
Import-Module "E:\MyScripts\PW-Vault.psm1"
$auth = Remove-Creds -Account "MyAccount"
.Example
# Retrieve a password as string.
Remove-Creds -Account $SecuredString
$auth = Get-Creds -Account "MyAccount"
Get-Password -SecurePassword $auth.Password
#>
$SafeStore = "e:\secret\" # Set path to your secure storage location.
Function Get-Creds {
Param(
[parameter(Mandatory=$true)]
[String]$Account
)
$Store = "$SafeStore$($Account).xml"
Import-CliXml -Path $Store
}
Function Set-Creds {
Param(
[parameter(Mandatory=$true)]
[String]$Account,
[parameter(Mandatory=$true)]
[String]$Password
)
$Exists = Test-Path $SafeStore
If (-not $Exists) {
New-Item -ItemType directory -Path $SafeStore
}
$secPass = ConvertTo-SecureString $Password -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential ($Account, $secPass)
$Store = "$SafeStore$($Account).xml"
$Cred | Export-CliXml -Path $Store
# Get-Credential | Export-CliXml -Path $Store # Remove password param and set with auth dialog window instead.
}
Function Remove-Creds {
Param(
[parameter(Mandatory=$true)]
[String]$Account
)
$Store = "$SafeStore$($Account).xml"
Remove-Item -Path $Store
}
Function Get-Password {
Param(
[parameter(Mandatory=$true)]
[SecureString]$SecurePassword
)
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
}
Export-ModuleMember -Function Get-Creds
Export-ModuleMember -Function Set-Creds
Export-ModuleMember -Function Remove-Creds
Export-ModuleMember -Function Get-Password
<# Testing ...
PS C:\Users\mohawke> Import-Module "e:\pwrshell\mods\PS-Vault.psm1"
PS C:\Users\mohawke> Set-Creds -Account "mohawke" -Password "P@ssw0rd"
PS C:\Users\mohawke> $Auth = Get-Creds -Account "mohawke"
PS C:\Users\mohawke> $Auth.GetType()
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True PSCredential System.Object
PS C:\Users\mohawke> $Auth.UserName
mohawke
PS C:\Users\mohawke> Get-Password -SecurePassword $Auth.Password
P@ssw0rd
PS C:\Users\mohawke> Remove-Creds -Account "mohawke"
#>