When you do a lot of automation, at some point you will need credentials for accessing an application or API. Obviously you don’t want to store those credentials somewhere in plain text. With PowerShell, one way to store sensitive data securely is to keep it encrypted in a text file. Using an example, I will explain how this can be done very easily using PowerShell.
Store credentials
First we need to store the data, for instance a password, in encrypted form.
$password = "<some_password>" | ConvertTo-SecureString -AsPlainText -Force
$password | ConvertFrom-SecureString | Set-Content "<some_filepath>"
The ConvertFrom-SecureString and ConvertTo-SecureString cmdlets use DPAPI (the Windows Data Protection API) to encrypt and decrypt data. So when you store the credentials while running as the service account that Provisior uses, only that service account can retrieve them.
Retrieve credentials
To retrieve the credentials from the text file, you simply do this:
$password = Get-Content "<some_filepath>" | ConvertTo-SecureString
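The store and retrieve steps above, wrapped into two reusable functions as an added example (not code from the original post). It prompts for the secret instead of embedding it in the script, and reports a clear error when the file is read under a different account than the one that wrote it. The function names, file path and user name are hypothetical.

```powershell
# Added example: function names, path and user name are hypothetical.
function Save-StoredSecret {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Taking a SecureString keeps the plain text out of the script file.
        [Parameter(Mandatory)] [securestring] $Secret
    )
    # Without -Key, ConvertFrom-SecureString protects the value with DPAPI
    # under the account that runs this command.
    $Secret | ConvertFrom-SecureString | Set-Content -Path $Path
}

function Get-StoredCredential {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $UserName
    )
    if (-not (Test-Path -Path $Path)) {
        throw "Secret file not found: $Path"
    }
    $protected = (Get-Content -Path $Path -Raw).Trim()
    try {
        $secure = ConvertTo-SecureString -String $protected -ErrorAction Stop
    }
    catch {
        # DPAPI decryption fails when the file was written by a different account.
        throw "Cannot decrypt '$Path' as user $($env:USERNAME): $($_.Exception.Message)"
    }
    # Return a credential object that cmdlets with a -Credential parameter accept.
    New-Object System.Management.Automation.PSCredential ($UserName, $secure)
}

# Run once, logged on as the service account:
#   Save-StoredSecret -Path 'C:\Secrets\api.txt' -Secret (Read-Host -AsSecureString -Prompt 'Password')
# In the automation script, running as the same account:
#   $cred = Get-StoredCredential -Path 'C:\Secrets\api.txt' -UserName 'svc-api'
```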