Press "Enter" to skip to content

Handling Sensitive Data With Powershell

Adam Bertram shows off the data protection API in Powershell:

We need to automatically read this information without our intervention. This is where you sometimes see people get lazy and add passwords in plain text into the script. That’s a big no-no, and there’s a better way.

 PowerShell has native support for something called the data protection API (DPAPI). DPAPI is a built-in way Windows users can use certificates to encrypt and decrypt information on the fly which is perfect for PowerShell scripting. No username and password required. We simply need a certificate installed which can be self-signed.

This is about much more than storing and decoding passwords, so check it out.