PowerShell Connection - Secure Credentials

Sep 8, 2011 at 2:01 PM


I am developing a script that makes use for the SSH.NET library. I find it to be an excellent library, simple and straight forward.

Currently, in PowerShell, I perform the following:

[reflection.assembly]::LoadFrom((Resolve-Path "Renci.SshNet.dll")
$SSH = New-Object -TypeName Renci.SSHNet.SSHClient -ArgumentList $VCIP, $UserName, $Password $SSH.Connect()

This works very well, and in my current use cause I use the RunCommand method to get information back from the client.

My issue is that the above requires that plain text credentials are passed. I am connecting to a large number of devices as part of an automated task. Can anybody help me store and use credentials in a non-readable format?

I was thinking of doing something like this to store the password:

(Get-Credential).Password | ConvertFrom-SecureString | set-content c:\temp\test.creds

and then using it later:

$SecurePassword = Get-Content c:\temp\test.creds | ConvertTo-SecureString


Does anybody have any suggestions?


P.S. If anybody is wondering how to use the .NET 4.0 component in PowerShell, you need a PowerShell config file:

  1. Create powershell.exe.config %windir%\System32\WindowsPowerShell\v1.0
  2. In the config file, add the following XML.
    <?xml version="1.0"?>
        <startup useLegacyV2RuntimeActivationPolicy="true">
            <supportedRuntime version="v4.0.30319"/>
            <supportedRuntime version="v2.0.50727"/>
  3. Restart PowerShell.


Thanks very much. Regards,



Sep 8, 2011 at 4:41 PM

The only suggestion I can give you is to use private key file, may be that will help.


I could possibly introduce SecureString type for password in connection string if it will make sence.


Feb 1, 2012 at 10:43 AM

It's also possible to decrypt the password so you get is as plaintext

$SecurePassword = Get-Content c:\temp\test.creds | ConvertTo-SecureString

$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword))