How to use an Encrypted Password File in PowerShell Scripts?

Requirement: Use an encrypted password file in PowerShell scripts.

How to Use a Encrypted Password File in PowerShell Scripts?

How to use an Encrypted Password File to Read/Write Credentials in PowerShell?

PowerShell modules like PnP PowerShell offers a mechanism to use Windows credentials store to Save and retrieve user name and password to use it in scripts. However, for other PowerShell modules like SharePoint Online Management Shell, AzureAD, CSOM., etc., we don’t have any direct ways to suppress the password prompt, other than storing the password in plain text within the script. In situations like we need to schedule the script in Windows task scheduler, for unattended execution of the script without any user intervention, we can use this method:

Here is how we can store and read encrypted passwords from a file in PowerShell scripts.

MFA must be turn-off for the saved credentials to work!
  • Step 1: Create an encrypted password file to store credentials
  • Step 2: Read the encrypted password from the file and use it in scripts.

Create an Encrypted Password File

Basically, we need to get the credentials from the user (once!) and store the encrypted password in a file. Here is the PowerShell script to save the encrypted password to a file.

#function to Save Credentials to a file
Function Save-Credential([string]$UserName, [string]$KeyPath)
    #Create directory for Key file
    If (!(Test-Path $KeyPath)) {        
        Try {
            New-Item -ItemType Directory -Path $KeyPath -ErrorAction STOP | Out-Null
        Catch {
            Throw $_.Exception.Message
    #store password encrypted in file
    $Credential = Get-Credential -Message "Enter the Credentials:" -UserName $UserName
    $Credential.Password | ConvertFrom-SecureString | Out-File "$($KeyPath)\$($Credential.Username).cred" -Force

#Get credentials and create an encrypted password file
Save-Credential -UserName "[email protected]" -KeyPath "C:\Scripts"

This creates a file with encrypted credentials on a given path.

Get the encrypted password from the File

Once we create the encrypted password file, we can read the file and use the saved credentials in our scripts like:

#function to get credentials from a Saved file
Function Get-SavedCredential([string]$UserName,[string]$KeyPath)
    If(Test-Path "$($KeyPath)\$($Username).cred") {
        $SecureString = Get-Content "$($KeyPath)\$($Username).cred" | ConvertTo-SecureString
        $Credential = New-Object System.Management.Automation.PSCredential -ArgumentList $Username, $SecureString
    Else {
        Throw "Unable to locate a credential for $($Username)"
    Return $Credential

#Get encrypted password from the file
$Cred = Get-SavedCredential -UserName "[email protected]" -KeyPath "C:\Scripts"

#Connect to Azure AD from saved credentials
Connect-AzureAD -Credential $Cred

Alright, here is how we can use this method to connect to SharePoint Online Management Shell:

#Get encrypted password from the file
$Cred = Get-SavedCredential -UserName "[email protected]" -KeyPath "C:\Scripts"
#Connect to SharePoint Online PowerShell
Connect-SPOService -URL "" -Credential $Cred
#Get all Site Collections

Similarly, to connect to SharePoint Online using CSOM PowerShell, use:

Import-Module Microsoft.Online.SharePoint.PowerShell

#Get encrypted password from the file
$Cred = Get-SavedCredential -UserName "[email protected]" -KeyPath "C:\Scripts"

$SiteUrl = ""
#Set up the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
$Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
#Get the Web Object
$Web = $Ctx.web
#Get the Title of the Web
Write-host $Web.Title 

I used it in automated PowerShell scripts that are scheduled in the Windows task scheduler. E.g., PowerShell to import custom user profile properties from Azure AD to SharePoint Online user profile store.

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

2 thoughts on “How to use an Encrypted Password File in PowerShell Scripts?

  • New sharepoint has broken this wonderful report. Any chance we can get an update?

  • You forgot to mention that you have to read the file while running the script as the same account that created the file. Otherwise, you’ll get a “Key not valid for use in specified state.” error.


Leave a Reply

Your email address will not be published. Required fields are marked *