• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar
OpenTechTips

OpenTechTips

Comprehensive IT Guides for Pros and Enthusiasts

MENUMENU
  • HOME
  • ALL TOPICS
    • Exchange
    • InfoSec
    • Linux
    • Networking
    • Scripting
      • PowerShell
    • SSL
    • Tools
    • Virtualization
    • Web
    • Windows
  • ABOUT
  • SUBSCRIBE
Home » How to SECURELY store credentials for PowerShell scripts

How to SECURELY store credentials for PowerShell scripts

April 30, 2020 - by Zsolt Agoston - last edited on May 11, 2020

How to SECURELY store credentials for PowerShell scriptsEvery day we need to log into hundreds of portals, as it is important for security, there must be a way to script it, automate logins without putting our actual passwords in scripts in plain text, right? Luckily this is exactly the case! User credentials (meaning username and password combinations) can be saved in Windows credential manager where they are encrypted and only accessible by us, only under that specific user account that stores them. In this article we go through the procedure of storing a credential, for example to access Exchange Online, and we log into the portal using the stored credential, with no password prompts whatsoever 🙂

Before You Begin

As a first step we need to install the Credential Manager PowerShell module. This module does not come with PowerShell by default. You'll need to install it before jumping to the next section, which is adding a new credential to the store. Open PowerShell, and issue the following command:

Install-Module CredentialManager
How to SECURELY store credentials for PowerShell scripts

Save credentials

To store a new credential we need to use the Get-Credential cmdlet to store it in memory, then the New-StoredCredential cmdlet will save it in our the encrypted credential vault of our useraccount, under [userprofile]\AppData\Local\Microsoft\Vault

Get-Credential -UserName admin@alwayshotcafe.onmicrosoft.com -Message "EOL" | New-StoredCredential -Target outlook.office365.com
How to SECURELY store credentials for PowerShell scripts

Use the pre-stored credentials

In this example we import the credentials in a variable and use it to access Exchange Online

How to SECURELY store credentials for PowerShell scripts

We check that the credential is available, then we proceed with the login

$cred = Get-StoredCredential -Target outlook.office365.com
Connect-ExchangeOnline -Credential $cred
How to SECURELY store credentials for PowerShell scripts

Troubleshooting

If the Connect-ExchangeOnline cmdlet is not recognized, install the missing module:

Install-Module ExchangeOnlineManagement

Reader Interactions

Comments Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Tools

Secondary Sidebar

CONTENTS

  • Before You Begin
  • Save credentials
  • Use the pre-stored credentials
  • Troubleshooting

  • Terms of Use
  • Disclaimer
  • Privacy Policy
Manage your privacy

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.

Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
Manage your privacy
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}