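function Export-PSCredential {
    <#
    .SYNOPSIS
        Export credentials to a file

    .DESCRIPTION
        Export credentials to a file
        For use with Import-PSCredential

        A credential can only be decrypted by the user who encrypted it, on the computer where the command was invoked.

        The file holds two properties: UserName (stored in clear text) and
        EncryptedPassword (the output of ConvertFrom-SecureString called without a key).

    .PARAMETER Credential
        Credential to export

    .PARAMETER Path
        File to export to. Parent folder must exist.
        A bare file name (no folder component) is written to the current location.

    .PARAMETER Passthru
        Return FileInfo object for the credential file

    .EXAMPLE
        #Creates a credential, saves it to disk
        $Credential = Get-Credential
        Export-PSCredential -path C:\File.xml -credential $Credential

        #Later on, import the credential!
        $ImportedCred = Import-PSCredential -path C:\File.xml

    .NOTES
        Author:  Hal Rottenberg <[email protected]>, butchered by ramblingcookiemonster
        Purpose: These functions allow one to easily save network credentials to disk in a relatively
                 secure manner. The resulting on-disk credential file can only [1] be decrypted
                 by the same user account which performed the encryption. For more details, see
                 the help files for ConvertFrom-SecureString and ConvertTo-SecureString as well as
                 MSDN pages about Windows Data Protection API.

                 [1]: So far as I know today. Next week I'm sure a script kiddie will break it.

        Security considerations:
                 - The protection is bound to the user account, not to this script: any code running
                   as the same user on the same computer can convert the password back.
                 - The user name is written unencrypted, and the file is created with whatever
                   permissions the target folder grants. Write it to a folder only the owner can read.
                 - Without -Key, ConvertFrom-SecureString relies on the Windows Data Protection API.
                   On non-Windows PowerShell the result should be treated as obfuscated rather than
                   encrypted (verify against the platform documentation before relying on it).

    .FUNCTIONALITY
        General Command
    #>
    [cmdletbinding()]
    param (
        # The parameter is mandatory, so PowerShell prompts for it when it is omitted;
        # the default expression is kept only so the declared signature does not change.
        [parameter(Mandatory=$true)]
        [pscredential]$Credential = (Get-Credential),

        [parameter()]
        [Alias("FullName")]
        [validatescript({
            $parentFolder = Split-Path -Path $_ -Parent
            if ([string]::IsNullOrEmpty($parentFolder))
            {
                # A bare file name has no parent component. Passing the resulting empty
                # string to Test-Path fails parameter binding, which used to reject every
                # relative file name. The file lands in the current location instead.
                $true
            }
            else
            {
                Test-Path -Path $parentFolder
            }
        })]
        [string]$Path = "credentials.$env:COMPUTERNAME.xml",

        [switch]$Passthru
    )

    # Create temporary object to be serialized to disk.
    # Only the user name and the protected form of the password are written;
    # the SecureString is never converted to plain text here.
    $export = New-Object -TypeName PSObject -Property @{
        UserName          = $Credential.Username
        EncryptedPassword = $Credential.Password | ConvertFrom-SecureString
    }

    # Export using the Export-Clixml cmdlet
    Try
    {
        # -ErrorAction Stop turns a failed write into an exception so that the
        # "Saved credentials" message is never emitted for a file that was not written.
        $export | Export-Clixml -Path $Path -ErrorAction Stop
        Write-Verbose "Saved credentials for $($export.Username) to $Path"

        if($Passthru)
        {
            # Return FileInfo object referring to saved credentials
            Get-Item $Path -ErrorAction Stop
        }
    }
    Catch
    {
        # Reported as a non-terminating error; callers that must not continue
        # without the file should pass -ErrorAction Stop.
        Write-Error "Error saving credentials to '$Path': $_"
    }
}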