encrypt pw in PS scripts

Script to move users to Exchange Online.  How do I encrypt the password in these automated scripts, as below, using Task Scheduler?

$cred = New-Object System.management.automation.PSCredential "kati.3dougherty@twdc.onmicrosoft.com", (convertTo-SecureString "Pass123" -AsPlainText -Force)
$cred1 = New-Object System.management.automation.PSCredential "wdw\3dougk035", (convertTo-SecureString "Pass123" -AsPlainText -Force)
Kati DoughertyCollaboration ArchitectAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Philip PortnoySr. MS SQL DBA and Technical Account ManagerCommented:
The only way to encrypt PowerShell script (to hide the hard-coded password in your case) is converting script to Secure-String.

You can use a function that will enrypt the script into SecureString (.bin):

function Encrypt-Script($path, $destination) {
  $script = Get-Content $path | Out-String
  $secure = ConvertTo-SecureString $script -asPlainText -force
  $export = $secure | ConvertFrom-SecureString
  Set-Content $destination $export
  "Script '$path' has been encrypted as '$destination'"
}

Open in new window


Now when you look at the content, it's encrypted:

Get-Content $home\secure.bin

Open in new window


You can create a function that will execute encrypted script:

function Execute-EncryptedScript($path) {
  trap { "Decryption failed"; break }
  $raw = Get-Content $path
  $secure = ConvertTo-SecureString $raw
  $helper = New-Object system.Management.Automation.PSCredential("test", $secure)
  $plain = $helper.GetNetworkCredential().Password
  Invoke-Expression $plain
}

Open in new window


And call this function to execute:

Execute-EncryptedScript $home\secure.bin

Open in new window


Please note that you're using your Windows identity to encrypt the script, so only your user will be able to decrypt.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kati DoughertyCollaboration ArchitectAuthor Commented:
Awesome!!  Thanks so much.  I will try this and re-post.  THANKS!!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.