CredentialsManager

1.1

about_CredentialsManager.help.txt

                                Credentials Manager module, version 1.00

author: Igor Iric, iricigor@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - 

The module Credentials Manager provides you with convinient and safe way to store your credentials to file system and effectvly re-use them in your scripts.

List of commands:

Write-Credential

Read-Credential

Credentials are saved in encrypted files, i.e. only user that saved them, can decrypt it. 

All commands have documented help system. Type Get-Help about_CredentialsManager, or Get-Command -Module CredentialsManager for more info.

Commands overview

- - - - - - - - -

Write-Credential [-Environment] <String[]> [[-Path] <String>] [-PassThru]       #  stores credentials in encrypted form to disk 

Read-Credential  -Environment <String[]> [-Path <String>] [<CommonParameters>]  #  reads credentials from disk

Read-Credential  [-Path <String>] -ListAvailable [<CommonParameters>]           #  lists all available credentials

Commands support multiple credentials at same path (folder), identified with Environment parameter.

Default path (folder) %APPDATA%\CredentialsManager can be changed to any value, including network shares.

Security notes

- - - - - - - -

Even if administrators or other users do have access to credentials files (i.e. on a network shares), they will not be able to decrypt it.

Function is using ConvertTo-SecureString with -AsPlainText parameter to process Username parameter which is by default passed as plain text. It is saved as encrypted data to disk.

Examples

- - - -

Write-Credential Dev                 # User is prompted for credentials (user name and password) which are saved to default location

Write-Credential BAcc -Path P:\cred  # User is prompted for credentials for B account, which are afterwards saved to P: disk

$Cred = Read-Credential -Environment Dev                                                  # Gets username and password from files saved in repository and saves it in variable

Get-WMIObject Win32_Service -Computer DC1 -Credential (Read-Credential -Environment Dev)  # Gets credentials from repository and directly uses it in network operation

Get-Item '\\dfs\restricted\*' -Credential (Read-Credential -Environment BAcc)             # Gets B account credentials from repository and directly uses it to access restricted folder content

Version history

- - - - - - - - 

0.90 - Nov '15 - initial Public release, 2 functions Read, Write

1.00 - Dec '15 - one file for data instead of 2, added convert functions

Updates in this version 1.00

- - - - - - - - - - - - - - 

Read-Credential, Write-Credential - both functions are now using only one file for storing encrypted credentials

Write-Credential - now supporting non-interactive mode, credentials can be passed throu with parameter -Credential

Convert-Credential - if you saved credentials using previous version, you can update them to current one

Requests for next versions

- - - - - - - - - - - - - 

Manipulating credentials support, i.e delete, rename credential, etc.

Any further suggestion is welcome!