Export And Import PowerShell Credentials

PowerShell Credentials are very useful in the world of system administration. Passwords stored in a PSCredential object are encrypted by a key, so that means you can't just pipe a PSCredential into Export-Clixml to export your credentials because the key is stored in memory for the current user on the current computer only. I have written two functions to work around this by bundling a separate key and a linked PSCredential object into a PSObject, so you can export that object by piping it to Export-Clixml. You can then transfer that object to a remote computer and/or different user and import it via my second cmdlet listed below:

Export a credential with Export-Credential:

<# .SYNOPSIS Exports a PowerShell credential the proper way. .DESCRIPTION Creates a PowerShell credential and returns the secured credential with it's key. .LINK https://bartsimons.me #> Function Export-Credential { [CmdletBinding()] [OutputType( [PSCustomObject] )] Param ( [Parameter( Mandatory = $false )] [SecureString] $Password, [Parameter( Mandatory = $false )] [String] $Username, [Parameter( Mandatory = $false )] [PSCredential] $Credential ) If (-not ($Credential -and $Password)) { $CredentialSpecified = $false $PasswordSpecified = $false $Key = New-Object Byte[](32) $Rng = [System.Security.Cryptography.RNGCryptoServiceProvider]::Create() $Rng.GetBytes($Key) If ($Credential) { $CredentialSpecified = $true return New-Object PSObject -Property @{ Username = $Credential.UserName Password = ConvertFrom-SecureString -SecureString $Credential.Password -Key $Key Key = $Key } } If ($Password -and $Username) { $PasswordSpecified = $true return New-Object PSObject -Property @{ Username = $Username Password = ConvertFrom-SecureString -SecureString $Password -Key $Key Key = $Key } } Else { Write-Error "You need to specify both a username and password." } } Else { Write-Error "You can only specify a credential OR a password, not both" } }

Import a credential with Import-Credential:

<# .SYNOPSIS Imports a PowerShell credential the proper way. .DESCRIPTION Creates a new PowerShell credential from imported data. .LINK https://bartsimons.me #> Function Import-Credential { [CmdletBinding()] [OutputType( [PSCustomObject] )] Param ( [Parameter( Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true )] [PSCustomObject] $Data ) If ($Data.Username -and $Data.Password -and $Data.Key) { return New-Object System.Management.Automation.PSCredential($Data.Username, (ConvertTo-SecureString -String $Data.Password -Key $Data.Key)) } Else { Write-Error "Inconsistent data structure in variable" } }

An example:

# Generate a credential and export it to credentials.xml Export-Credential -Credential (Get-Credential) | Export-Clixml credentials.xml # Import the credential on the remote machine into the variable $theCredential $theCredential = (Import-Clixml credentials.xml | Import-Credential)

I hope you find these two functions useful! Be careful though, anyone with access to your key could potentially decrypt your password. So think twice when you decide where to store your exported credentials 😉