One of the challenges with scripting in PowerShell is to protect sensitive information. We all know it is bad practice to hard-code credentials and passwords into scripts. And even if our code takes a credential as a parameter, we may still want to automate code execution. For example, I might have a function in my PowerShell profile that requires a password. But I don’t want to have to type it every time PowerShell starts. I want a way to store the password, retrieve it, and pass it to the function.

I’m using a password as an example. This is by no means the only type of sensitive information you’d like to store. I’m going to cover secrets management specifically in a future article. Today I want to take a more granular or file-based approach.

One approach on Windows platforms is to use the data protection API. I’ll start with a credential.

$cred = Get-Credential company\artd