Windows Credential Manager


Intro

My notes on using the Windows Credential Manager

 


Documentation

 


Tips and Tidbits

  • The cmdkey utility only works with the current user.

    • The credentials you manage are for the current user, not for another user on the same system.

  • Use the Get-Credential cmdlet to create a PSCredential object from a username and password.

  • The PSCredential is a placeholder for a set of credentials – it basically contains a username and a password.

 


Working With Secure Strings

 

  • $cred.Password | ConvertFrom-SecureString creates a textual string of the encrypted password.

    • You can save this to a file and use it later, on the same computer and under the same account, to restore the password.

# Read the encrypted string saved earlier and rebuild the credential
$pass = Get-Content "c:\Password.txt"
$user = "roger@roger.com"
$cred = New-Object -TypeName PSCredential -ArgumentList $user, ($pass | ConvertTo-SecureString)

or

# Here $pass must hold the cleartext password, not the encrypted string
$secPass = ConvertTo-SecureString $pass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $secPass)

 

Note that if you try to use the textual string on another computer or under another account, you will get an error:

$pass | ConvertTo-SecureString
ConvertTo-SecureString : Key not valid for use in specified state.
At line:1 char:9
+ $pass | ConvertTo-SecureString
+         ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
    + FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand
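
The save-and-restore round trip described above, as an added example that is not part of the original notes. Save-Password and Restore-Credential are hypothetical helper names, the file path and password are constructed sample values, and the -Key variant goes beyond the notes to show a string that can be restored on another computer or account.

```powershell
# Constructed sample values for the demonstration.
$file    = Join-Path $env:TEMP 'saved-password.txt'
$account = 'roger@roger.com'
$secure  = ConvertTo-SecureString 'Constructed-Passw0rd!' -AsPlainText -Force

function Save-Password {
    param([securestring]$Password, [string]$Path, [byte[]]$Key)
    if ($Key) {
        # With -Key the string is AES-encrypted under that key and can be
        # restored by any account or computer that holds the key.
        $text = $Password | ConvertFrom-SecureString -Key $Key
    } else {
        # Without -Key, DPAPI ties the output to this user on this computer.
        $text = $Password | ConvertFrom-SecureString
    }
    Set-Content -Path $Path -Value $text
}

function Restore-Credential {
    param([string]$User, [string]$Path, [byte[]]$Key)
    $text = Get-Content -Path $Path
    try {
        if ($Key) {
            $sec = $text | ConvertTo-SecureString -Key $Key -ErrorAction Stop
        } else {
            $sec = $text | ConvertTo-SecureString -ErrorAction Stop
        }
    } catch {
        # "Key not valid for use in specified state" lands here when the file
        # was written under another account or on another computer.
        throw ("Cannot decrypt {0}: {1}" -f $Path, $_.Exception.Message)
    }
    New-Object System.Management.Automation.PSCredential ($User, $sec)
}

# DPAPI round trip: succeeds only for the same user on the same computer.
Save-Password -Password $secure -Path $file
(Restore-Credential -User $account -Path $file).UserName

# Keyed round trip: a random 256-bit key, which is now the secret to protect.
$key = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($key)
Save-Password -Password $secure -Path $file -Key $key
(Restore-Credential -User $account -Path $file -Key $key).UserName
Remove-Item -Path $file
```

Any process running as the same user can decrypt the DPAPI-protected file, so restrict who can log on as that account as well as who can read the file.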

 

Beginning with PowerShell 3.0, you can even set a default parameter value so that any cmdlet that has a -Credential parameter uses the domain account.

$cred = Get-Credential globomantics\da_jack
$PSDefaultParameterValues.Add("*:Credential", $cred)

Examples

 

cmdkey /list to list all saved credentials

 

 

Get-Credential Use

 

Get the cleartext password with GetNetworkCredential

 

Add the AD domain password to the Windows Credential Manager so we can issue commands without entering the AD credentials

 


 

 

© Roger Cruz - All rights reserved