Storing Passwords Securely for PowerShell Scripts

gistfile1.txt

	# Create a 32 bit random key to be used by the AES Key
	$AESKey = New-Object Byte[] 32
	[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESKey)
	
	#Collect the location to store the AES Key file
	$AESKeyFilePath = Read-Host -Prompt "Please enter the full path and file name for the AES Key (e.g. C:\AESKey.txt)"
	Set-Content $AESKeyFilePath $AESKey #It will over-write existing file data if already exists

gistfile2.txt

	
	#Collect the password to encrypt. It uses the -AsSecureString to hide the text then converts it back text and encrypts using the AES Key
	$InputPwd = Read-Host -Prompt "Please enter the password to encrypt" -AsSecureString
	$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($InputPwd)
	$PlainTxtPsswd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
	$secureStringPwd = $PlainTxtPsswd | ConvertTo-SecureString -AsPlainText -Force

gistfile3.txt

#Export Secure content to password file
	$SecurePwdFile = Read-Host -Prompt "Please enter the full path and file name for the Secure Password file (e.g. C:\AppSecurePwd.txt)"
	$password = $secureStringPwd | ConvertFrom-SecureString -Key $AESKey
	Add-Content $SecurePwdFile $password