ConvertTo-SecureString

Convert an encrypted standard string into a secure string, can also convert plain text into a secure string.

Syntax
      ConvertTo-SecureString [-String] String 
         [[-secureKey] SecureString]
            [CommonParameters]
    
      ConvertTo-SecureString [-String] String 
         [-key Byte[]]
            [CommonParameters]

      ConvertTo-SecureString [-String] String 
         [[-asPlainText] [-force]]
            [CommonParameters]

key
   -String SecureString
       The string to convert to a secure string
        
   -secureKey SecureString
       The encryption key as a secure string,
       this is converted to a byte array before being used as the key.
       Valid key lengths are 16, 24, and 32 bytes
        
   -key Byte
       The encryption key as a byte array.
       Valid key lengths are 16, 24, and 32 bytes

   -asPlainText 
       A plain text string to convert to a secure string.
       The text is not encrypted so the input is not protected/confidential
       To use this option, you must also specify -Force
        
    -force 
       Set this to confirm that you understand the security risks of using PlainText

   CommonParameters:
       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
       -OutBuffer -OutVariable.

If the standard string being converted was encrypted with ConvertFrom-SecureString using a specified key, that same key must be provided as the value of the Key or SecureKey parameter of the ConvertTo-SecureString cmdlet.

To store the data in a file for later use, the secure string can be converted back to an encrypted, standard string using ConvertFrom-SecureString

Examples

Create a secure string from plain text:

PS C:\> $my_secure_password = convertto-securestring "P@ssW0rD!" -asplaintext -force

Create a secure string using the Read-Host cmdlet:

PS C:\> $my_secure_password = read-host -assecurestring

Save an encrypted string to disc:

PS C:\> $my_encrypted_string = convertfrom-securestring $my_secure_password -key (1..16)
PS C:\> $my_encrypted_string > password.txt

Read an encrypted string from disc and convert back to a secure string:

PS C:\> $my_secure_password = convertto-securestring (get-content password.txt) -key (1..16)

“Happy as we are, times may alter; we may be bitten with some impulse towards change, and many things may seem too wonderful for us to resist, too exciting not to catch at, if we do not know that they are but phases of what has been before and withal ruinous, deceitful, and sordid” - William Morris

Related PowerShell Commands:

ConvertFrom-SecureString - Convert a secure string into an encrypted standard string.
Get-Credential - Get a security credential (username/password)
A small script that can generate a credential object with the password obfuscated - powershell.com
Read-Host - Read a line of input from the host console.
CIPER - Encrypt or Decrypt files and folders.


Copyright © SS64.com 1999-2018
Some rights reserved