Convert an encrypted standard string into a secure string, can also convert plain text into a secure string.
Syntax
ConvertTo-SecureString [-String] String
[[-secureKey] SecureString]
[CommonParameters]
ConvertTo-SecureString [-String] String
[-key Byte[]]
[CommonParameters]
ConvertTo-SecureString [-String] String
[[-asPlainText] [-force]]
[CommonParameters]
key
-String SecureString
The string to convert to a secure string
-secureKey SecureString
The encryption key as a secure string,
this is converted to a byte array before being used as the key.
Valid key lengths are 16, 24, and 32 bytes
-key Byte
The encryption key as a byte array.
Valid key lengths are 16, 24, and 32 bytes
-asPlainText
A plain text string to convert to a secure string.
The text is not encrypted so the input is not protected/confidential
To use this option, you must also specify -Force
-force
Set this to confirm that you understand the security risks of using PlainText
CommonParameters:
-Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
-OutBuffer -OutVariable.
If the standard string being converted was encrypted with ConvertFrom-SecureString using a specified key, that same key must be provided as the value of the Key or SecureKey parameter of the ConvertTo-SecureString cmdlet.
To store the data in a file for later use, the secure string can be converted back to an encrypted, standard string using ConvertFrom-SecureString
Examples
Create a secure string from plain text:
PS C:\> $my_secure_password = convertto-securestring "P@ssW0rD!" -asplaintext -force
Create a secure string using the Read-Host cmdlet:
PS C:\> $my_secure_password = read-host -assecurestring
Save an encrypted string to disc:
PS C:\> $my_encrypted_string = convertfrom-securestring $my_secure_password -key (1..16) PS C:\> $my_encrypted_string > password.txt
Read an encrypted string from disc and convert back to a secure string:
PS C:\> $my_secure_password = convertto-securestring (get-content password.txt) -key (1..16)
“Happy as we are, times may alter; we may be bitten with some impulse towards change, and many things may seem too wonderful for us to resist, too exciting not to catch at, if we do not know that they are but phases of what has been before and withal ruinous, deceitful, and sordid” - William Morris
Related PowerShell Cmdlets:
ConvertFrom-SecureString - Convert a secure string into an encrypted standard string.
Get-Credential - Get a security credential (username/password).
A small script that can generate a credential object with the password obfuscated - powershell.com
Read-Host - Read a line of input from the host console.
CIPER - Encrypt or Decrypt files and folders.