PoshCode Logo PowerShell Code Repository

Export-PSCredential (modification of post by halr9000 view diff)
diff | embed code: <script type="text/javascript" src="http://PoshCode.org/embed/501"></script>download | new post

original filename: lib-authentication.ps1

These functions allow one to easily save network credentials to disk in a relatively secure manner. The resulting on-disk credential file can only [1] be decrypted by the same user account which performed the encryption. For more details, see the help files for ConvertFrom-SecureString and ConvertTo-SecureString as well as MSDN pages about Windows Data Protection API.

[1]: So far as I know today. Next week I’m sure a script kiddie will break it.

rev 2: added more comments
rev 3: removed custom type name due to issues on v1
rev 4: re-worked erorr checking to allow for username strings like get-credential
rev 5: fixed something I broke
rev 6: modified 8/4/08 JDH to create a global credential with a specified name

  1. # Author:       Hal Rottenberg <hal@halr9000.com>
  2. # Url:          http://halr9000.com/article/tag/lib-authentication.ps1
  3. # Purpose:      These functions allow one to easily save network credentials to disk in a relatively
  4. #                       secure manner.  The resulting on-disk credential file can only [1] be decrypted
  5. #                       by the same user account which performed the encryption.  For more details, see
  6. #                       the help files for ConvertFrom-SecureString and ConvertTo-SecureString as well as
  7. #                       MSDN pages about Windows Data Protection API.
  8. #                       [1]: So far as I know today.  Next week I'm sure a script kiddie will break it.
  9. #
  10. # Usage:        Export-PSCredential [-Credential <PSCredential object>] [-Path <file to export>]
  11. #
  12. #                       If Credential is not specififed, user is prompted by Get-Credential cmdlet.
  13. #                       If not specififed, Path is "./credentials.enc.xml".
  14. #                       Output: FileInfo object referring to saved credentials
  15. #
  16. #                       Import-PSCredential [-Path <file to import>]
  17. #
  18. #                       If not specififed, Path is "./credentials.enc.xml".
  19. #                       Output: PSCredential object
  20.  
  21. function Export-PSCredential {
  22.         param ( $Credential = (Get-Credential), $Path = "credentials.enc.xml" )
  23.  
  24.         # Look at the object type of the $Credential parameter to determine how to handle it
  25.         switch ( $Credential.GetType().Name ) {
  26.                 # It is a credential, so continue
  27.                 PSCredential            { continue }
  28.                 # It is a string, so use that as the username and prompt for the password
  29.                 String                          { $Credential = Get-Credential -credential $Credential }
  30.                 # In all other caess, throw an error and exit
  31.                 default                         { Throw "You must specify a credential object to export to disk." }
  32.         }
  33.        
  34.         # Create temporary object to be serialized to disk
  35.         $export = New-Object PSObject
  36.         Add-Member -InputObject $export -Name Username -Value $Credential.Username `
  37.                 -MemberType NoteProperty
  38.  
  39.         # Encrypt SecureString password using Data Protection API
  40.         $EncryptedPassword = $Credential.Password | ConvertFrom-SecureString
  41.         Add-Member -InputObject $export -Name EncryptedPassword -Value $EncryptedPassword `
  42.                 -MemberType NoteProperty
  43.        
  44.         # Give object a type name which can be identified later
  45.         $export.PSObject.TypeNames.Insert(0,’ExportedPSCredential’)
  46.        
  47.  
  48.         # Export using the Export-Clixml cmdlet
  49.         $export | Export-Clixml $Path
  50.         Write-Host -foregroundcolor Green "Credentials saved to: " -noNewLine
  51.  
  52.         # Return FileInfo object referring to saved credentials
  53.         Get-Item $Path
  54. }
  55.  
  56. function Import-PSCredential {
  57.         param ( [string]$Path = "credentials.enc.xml",[string]$cred)
  58.  
  59. #modified 8/4/08 JDH
  60. #to create a global credential with a specified name
  61.  
  62.         # Import credential file
  63.         $import = Import-Clixml $Path
  64.  
  65.         # Test for valid import
  66.         if ( !$import.UserName -or !$import.EncryptedPassword ) {
  67.                 Throw "Input is not a valid ExportedPSCredential object, exiting."
  68.         }
  69.         $Username = $import.Username
  70.  
  71.         # Decrypt the password and store as a SecureString object for safekeeping
  72.         $SecurePass = $import.EncryptedPassword | ConvertTo-SecureString
  73.  
  74.         # Build the new credential object
  75.         $Credential = New-Object System.Management.Automation.PSCredential $Username, $SecurePass
  76.  
  77.         if ($cred) {
  78.                 New-Variable -Name $cred -scope Global -value $Credential
  79.         } else {
  80.                 Write-Output $Credential
  81.         }
  82. }

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:


Remember me