Recently, a reader reached out to ask about using credentials in PowerShell. He wasn’t sure if he was using credentials properly and securely. I’m sure he isn’t alone when it comes to using alternate credentials. Which means I should spend a little time on the subject.

First, let’s separate this into two parts. How do you work with credentials from a PowerShell prompt? Second, how do you work with credentials in your scripting work? These are separate issues, although there will be some overlap.

Secure Strings

Let’s start by looking at the basis of most credentials, a secure string. A good PowerShell command should never ask you for a plain text secret such as a password or API key. Instead, it should use the .NET System.Security.SecureString class. You can easily create a secure string using Read-Host.