< Back
Export-PSCredential
Post
NAME Export-PSCredential
SYNOPSIS
Encrypts and saves a PowerShell Credential object to file or to Azure KeyVault
SYNTAX
Export-PSCredential [-Credential] <PSCredential> [-Path] <String> [-CertificateFile] <String> [<CommonParameters>]
Export-PSCredential [-Credential] <PSCredential> [-Path] <String> -Thumbprint <String> [-CertificateStore
<String>] [<CommonParameters>]
Export-PSCredential [-Credential] <PSCredential> -KeyVault <String> -SecretName <String> [<CommonParameters>]
Export-PSCredential [-Credential] <PSCredential> [-Path] <String> -SecureKey <SecureString> [<CommonParameters>]
DESCRIPTION
Export-PSCredential is used to save a PowerShell Credential object [System.Management.Automation.PSCredential] to
disk
or to Azure KeyVault so that it can be retrieved later. When saving to disk, the password is encrypted with either
a pre-shared key
or a PKI certificate.
PARAMETERS
-Credential <PSCredential>
The Credential object that will be exported.
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Path <String>
Path to the JSON file that will be created to save the encrypted credential.
Required? true
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SecureKey <SecureString>
A SecureString that is used as a Pre-Shared-Key for encrypting the credential password.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Thumbprint <String>
The ThumbPrint of a certificate on the local computer that will be used to encrypt the credential password.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-CertificateFile <String>
Path to a .CER certificate public key file that will be used to encrypt the credential password.
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-CertificateStore <String>
Specifies the certifcate store of the specified certificate thumbprint. Either LocalMachine or CurrentUser.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-KeyVault <String>
The name of the Azure KeyVault that will be used to store the exported credential.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SecretName <String>
The name of the Azure KeyVault secret to create that will be used to store the exported credential.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$Credential | Export-PSCredential -Path ./savedcredential.json -SecureKey ( Convertto-SecureString -String
'$ecretK3y' -AsPlainText -Force)
Export a credential to file using a pre-shared key.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$Credential | Export-PSCredential -Path ./savedcredential.json -Thumbprint
'87BB70A19A7671D389F49AF4C9608B2F381FDD80'
Export a credential to file using a Certificate.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>$Credential | Export-PSCredential -KeyVault 'My-KeyVault' -SecretName 'SavedCred-Secret'
Export a credential to an existing Azure KeyVault. The user executing the script must be authenticated to Azure
with sufficient permissions to the KeyVault.
RELATED LINKS
SYNOPSIS
Encrypts and saves a PowerShell Credential object to file or to Azure KeyVault
SYNTAX
Export-PSCredential [-Credential] <PSCredential> [-Path] <String> [-CertificateFile] <String> [<CommonParameters>]
Export-PSCredential [-Credential] <PSCredential> [-Path] <String> -Thumbprint <String> [-CertificateStore
<String>] [<CommonParameters>]
Export-PSCredential [-Credential] <PSCredential> -KeyVault <String> -SecretName <String> [<CommonParameters>]
Export-PSCredential [-Credential] <PSCredential> [-Path] <String> -SecureKey <SecureString> [<CommonParameters>]
DESCRIPTION
Export-PSCredential is used to save a PowerShell Credential object [System.Management.Automation.PSCredential] to
disk
or to Azure KeyVault so that it can be retrieved later. When saving to disk, the password is encrypted with either
a pre-shared key
or a PKI certificate.
PARAMETERS
-Credential <PSCredential>
The Credential object that will be exported.
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Path <String>
Path to the JSON file that will be created to save the encrypted credential.
Required? true
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SecureKey <SecureString>
A SecureString that is used as a Pre-Shared-Key for encrypting the credential password.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Thumbprint <String>
The ThumbPrint of a certificate on the local computer that will be used to encrypt the credential password.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-CertificateFile <String>
Path to a .CER certificate public key file that will be used to encrypt the credential password.
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-CertificateStore <String>
Specifies the certifcate store of the specified certificate thumbprint. Either LocalMachine or CurrentUser.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-KeyVault <String>
The name of the Azure KeyVault that will be used to store the exported credential.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SecretName <String>
The name of the Azure KeyVault secret to create that will be used to store the exported credential.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$Credential | Export-PSCredential -Path ./savedcredential.json -SecureKey ( Convertto-SecureString -String
'$ecretK3y' -AsPlainText -Force)
Export a credential to file using a pre-shared key.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$Credential | Export-PSCredential -Path ./savedcredential.json -Thumbprint
'87BB70A19A7671D389F49AF4C9608B2F381FDD80'
Export a credential to file using a Certificate.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>$Credential | Export-PSCredential -KeyVault 'My-KeyVault' -SecretName 'SavedCred-Secret'
Export a credential to an existing Azure KeyVault. The user executing the script must be authenticated to Azure
with sufficient permissions to the KeyVault.
RELATED LINKS