encrypt pw in PS scripts

Posted on 2014-07-16
Last Modified: 2014-07-16
Script to move users to Exchange Online.  How do I encrypt the password in these automated scripts, as below, using Task Scheduler?

$cred = New-Object "", (convertTo-SecureString "Pass123" -AsPlainText -Force)
$cred1 = New-Object "wdw\3dougk035", (convertTo-SecureString "Pass123" -AsPlainText -Force)
Question by:Kati Dougherty
    LVL 4

    Accepted Solution

    The only way to encrypt PowerShell script (to hide the hard-coded password in your case) is converting script to Secure-String.

    You can use a function that will enrypt the script into SecureString (.bin):

    function Encrypt-Script($path, $destination) {
      $script = Get-Content $path | Out-String
      $secure = ConvertTo-SecureString $script -asPlainText -force
      $export = $secure | ConvertFrom-SecureString
      Set-Content $destination $export
      "Script '$path' has been encrypted as '$destination'"

    Open in new window

    Now when you look at the content, it's encrypted:

    Get-Content $home\secure.bin

    Open in new window

    You can create a function that will execute encrypted script:

    function Execute-EncryptedScript($path) {
      trap { "Decryption failed"; break }
      $raw = Get-Content $path
      $secure = ConvertTo-SecureString $raw
      $helper = New-Object system.Management.Automation.PSCredential("test", $secure)
      $plain = $helper.GetNetworkCredential().Password
      Invoke-Expression $plain

    Open in new window

    And call this function to execute:

    Execute-EncryptedScript $home\secure.bin

    Open in new window

    Please note that you're using your Windows identity to encrypt the script, so only your user will be able to decrypt.

    Author Comment

    by:Kati Dougherty
    Awesome!!  Thanks so much.  I will try this and re-post.  THANKS!!

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
    Learn more about the importance of email disclaimers with our top 10 email disclaimer DOs and DON’Ts.
    This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now