Convert an encrypted standard string into a secure string, can also convert plain text into a secure string.

      ConvertTo-SecureString [-String] String 
         [[-secureKey] SecureString]
      ConvertTo-SecureString [-String] String 
         [-key Byte[]]

      ConvertTo-SecureString [-String] String 
         [[-asPlainText] [-force]]

   -String SecureString
       The string to convert to a secure string
   -secureKey SecureString
       The encryption key as a secure string,
       this is converted to a byte array before being used as the key.
       Valid key lengths are 16, 24, and 32 bytes
   -key Byte
       The encryption key as a byte array.
       Valid key lengths are 16, 24, and 32 bytes

       A plain text string to convert to a secure string.
       The text is not encrypted so the input is not protected/confidential
       To use this option, you must also specify -Force
       Set this to confirm that you understand the security risks of using PlainText

If the standard string being converted was encrypted with ConvertFrom-SecureString using a specified key, that same key must be provided as the value of the Key or SecureKey parameter of the ConvertTo-SecureString cmdlet.

To store the data in a file for later use, the secure string can be converted back to an encrypted, standard string using ConvertFrom-SecureString


Create a secure string from plain text:

PS C:\> $my_secure_password = convertto-securestring "P@ssW0rD!" -asplaintext -force

Create a secure string using the Read-Host cmdlet:

PS C:\> $my_secure_password = read-host -assecurestring

Save an encrypted string to disc:

PS C:\> $my_encrypted_string = convertfrom-securestring $my_secure_password -key (1..16)
PS C:\> $my_encrypted_string > password.txt

Read an encrypted string from disc and convert back to a secure string:

PS C:\> $my_secure_password = convertto-securestring (get-content password.txt) -key (1..16)

“Happy as we are, times may alter; we may be bitten with some impulse towards change, and many things may seem too wonderful for us to resist, too exciting not to catch at, if we do not know that they are but phases of what has been before and withal ruinous, deceitful, and sordid” - William Morris

Related PowerShell Cmdlets

ConvertFrom-SecureString - Convert a secure string into an encrypted standard string.
Get-Credential - Get a security credential (username/password).
Read-Host - Read a line of input from the host console.
CIPER - Encrypt or Decrypt files and folders.

Copyright © 1999-2023
Some rights reserved