SOLVED

Secure Way to store lots of credentials using powershell

%3CLINGO-SUB%20id%3D%22lingo-sub-1552980%22%20slang%3D%22en-US%22%3ESecure%20Way%20to%20store%20lots%20of%20credentials%20using%20powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1552980%22%20slang%3D%22en-US%22%3E%3CP%3EDear%20Community%26nbsp%3B%3C%2FP%3E%3CP%3EI%20wanted%20to%20ask%20if%20there%20is%20any%20way%20I%20can%20store%20lots%20of%20creedentials%20while%20still%20being%20able%20to%20use%20them%20in%20Powershell%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20dont%20want%20to%20enter%20anything%20in%20a%20popup%20window%2C%20because%20there%20are%20way%20to%20many%20credentials%20to%20to%20that%20by%20hand.%3C%2FP%3E%3CP%3EIs%20it%20possible%20that%20I%20can%20just%20put%20them%20in%20some%20kind%20of%20file%20and%20then%20get%20the%20wanted%20informations%20(while%20the%20file%20or%20its%20contents%20are%20somehow%20encrypted)%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMartin%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1552980%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECommunity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20PowerShell%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1553186%22%20slang%3D%22de-DE%22%3ERe%3A%20Secure%20Way%20to%20store%20lots%20of%20credentials%20using%20powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1553186%22%20slang%3D%22de-DE%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F333418%22%20target%3D%22_blank%22%3E%40DeepakRandhawa%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirst%20of%20all%2C%20thank%20you%20for%20your%20answer!%3C%2FP%3E%3CP%3EI%20like%20your%20way%20of%20exporting%20it%20into%20a%20.xml%20file.%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3EBut%20the%20thing%20is%20that%20I%20have%20to%20enter%20the%20credentials%20into%20a%20popup%20window.%20I%20have%20too%20many%20credentials%20to%20be%20even%20remotely%20able%20to%20do%20it%20this%20way...%3C%2FP%3E%3CP%3EIs%20it%20somehow%20possible%20that%20I%20could%20put%20all%20of%20the%20credentials%20into%20a%20.csv%20(for%20example)%20with%20the%20username%20as%20plain%20text%20and%20the%20password%20encrypted%20SecureString%20so%20I%20have%20all%20them%20in%20one%20file%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMartin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1553265%22%20slang%3D%22de-DE%22%3ERe%3A%20Secure%20Way%20to%20store%20lots%20of%20credentials%20using%20powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1553265%22%20slang%3D%22de-DE%22%3E%3CP%3EWell%20I%20kind%20of%20found%20a%20solution%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3E%23set%20credentials%0A%23set%20credentials%20path%0A%24CredPath%20%3D%20%22C%3A%5CScripts%5CCertify%5Cmycreds.xml%22%0A%23How%20many%20Credential%20Windows%20are%20going%20to%20show%0A%24creds%20%3D%20%40%7B%0A%20%20Local1%20%3D%20Get-Credential%20-Message%20LocalAccount1%0A%20%20Local2%20%3D%20Get-Credential%20-Message%20LocalAccount2%0A%20%20Local3%20%3D%20Get-Credential%20-Message%20LocalAccount3%0A%7D%0A%23export%20credentials%20which%20have%20been%20typed%20in%20manually%20as%20xml%0A%24creds%20%7C%20Export-Clixml%20-Path%20%24CredPath%0A%0A%23get%20credentials%0A%23import%20credentials%0A%24creds%20%3D%20Import-Clixml%20-Path%20%24CredPath%20%0A%0A%23list%20credentials%0A%24creds.Local1%0A%24creds.Local2%0A%24creds.Local3%0A%0A%23%20example%0AGet-WmiObject%20-Class%20Win32_BIOS%20-ComputerName%20server01%20-Credential%20%24creds.Local1%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20only%20problem%20now%3A%20there%20are%20still%20annoying%20popup%20windows%20where%20I%20have%20to%20enter%20all%20of%20this%20after%20one%20another%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20help%20me%20with%20that%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMartin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1553151%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Way%20to%20store%20lots%20of%20credentials%20using%20powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1553151%22%20slang%3D%22en-US%22%3Ei%20use%20below%20to%20export%20creds%20into%20an%20xml%20file%20(username%20is%20in%20plain%20text%20and%20passwords%20gets%20encrypted%20)%20%3A-%3CBR%20%2F%3EGet-Credential%20%7C%20Export-Clixml%20-Path%20%22C%3A%5CUsers%5Cusername%5CDesktop%5CCred.xml%22%3CBR%20%2F%3Eand%20then%20call%20them%20later%20using%20below%20in%20the%20required%20cmdlet%3A-%3CBR%20%2F%3E%22-Credential%20(Import-Clixml%20%22C%3A%5CUsers%5Cusername%5CDesktop%5CCred.xml%22)%22%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Dear Community 

I wanted to ask if there is any way I can store lots of creedentials while still being able to use them in Powershell?

 

I dont want to enter anything in a popup window, because there are way to many credentials to to that by hand.

Is it possible that I can just put them in some kind of file and then get the wanted informations (while the file or its contents are somehow encrypted)?

 

Thanks in advance

 

Martin

 

5 Replies
Highlighted
i use below to export creds into an xml file (username is in plain text and passwords gets encrypted ) :-
Get-Credential | Export-Clixml -Path "C:\Users\username\Desktop\Cred.xml"
and then call them later using below in the required cmdlet:-
"-Credential (Import-Clixml "C:\Users\username\Desktop\Cred.xml")"
Highlighted

@DeepakRandhawa 

First of all, thank you for your answer!

I like your way of exporting it into a .xml file. :)

But the thing is that I have to enter the credentials into a popup window. I have too many Credentials to be even remotely able to do it this way...

Is it somehow possible that I could put all of the credentials into a .csv (for example) with the username as plain text and the password encrypted using SecureString so I have all them in one file?

 

Cheers

 

Martin

Highlighted

Well I kind of found a solution:

 

 

#set credentials
#set credentials path
$CredPath = "C:\Scripts\Certify\mycreds.xml"
#How many Credential Windows are going to show
$creds = @{
  Local1 = Get-Credential -Message LocalAccount1
  Local2 = Get-Credential -Message LocalAccount2
  Local3 = Get-Credential -Message LocalAccount3
}
#export credentials which have been typed in manually as xml
$creds | Export-Clixml -Path $CredPath

#get credentials
#import credentials
$creds = Import-Clixml -Path $CredPath 

#list credentials
$creds.Local1
$creds.Local2
$creds.Local3

# example
Get-WmiObject -Class Win32_BIOS -ComputerName server01 -Credential $creds.Local1

 

 

My only problem now: there are still annoying popup windows where I have to enter all of this after one another

 

Can anyone help me with that?

 

Thanks in advance

 

Martin

Highlighted

you can create an xml file for each set of credentials by first storing the creds in plain text in a csv file, using below :-
$file = Import-Csv "C:\temp\file.csv"
foreach($entry in $file){
$output=@()
$identity=$entry.username.split("@")[0]
$Username = $entry.username
$Password = $entry.password
$SecurePassword = convertto-securestring $Password -asplaintext -force
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $Username, $SecurePassword
$output=$credentials
$output | Export-Clixml -Path "C:\temp\$identity.xml"
}
You can create a single xml file as well for all creds however i don't know if there will be an easy way to use that file to feed credentials back into a PS session.

Highlighted
Best Response confirmed by __Martin__ (Occasional Contributor)
Solution

@__Martin__ 

There are many ways to encrypt your password and store them in text file, csv, database, Windows credential vault and etc., In the end you still need to decrypt it to be able to use it.

 

So, my best bet would be to use Azure Key Vault.