Safe storage of credentials in scripts

Storing usernames and passwords in cleartext in scripts is a terrible security practice. Many companies have been breached because passwords were found on GitHub and similar sites. Yet having to type them in manually every time a script runs defeats the purpose of automating.

Since I am using macOS, I will address it in this first post on the topic. Macs have the OS keychain by default. The macOS Keychain is Apple’s built-in password management system. It securely stores and manages passwords, certificates, encryption keys, and other sensitive data, so users can access their accounts and services without recalling or manually entering credentials each time. It is designed to safeguard this information using strong encryption and user authentication.

PowerShell Credential module

Save this as MacKeychainCredential.psm1

function Save-MacCredential {
    param (
        [Parameter(Mandatory)]
        [string]$Username,

        [Parameter(Mandatory)]
        [string]$Service,

        [Parameter(Mandatory)]
        [string]$Password
    )

    # Probe the Keychain first; only the exit code matters, so the output is discarded
    $null = & security find-generic-password -a $Username -s $Service -w 2>$null
    if ($LASTEXITCODE -eq 0) {
        # Update the existing entry in place (-U)
        & security add-generic-password -U -a $Username -s $Service -w $Password | Out-Null
    } else {
        # Add a new entry
        & security add-generic-password -a $Username -s $Service -w $Password | Out-Null
    }

    Write-Host "Credential for '$Username' under service '$Service' saved to Keychain."
}

function Get-MacCredential {
    param (
        [Parameter(Mandatory)]
        [string]$Username,

        [Parameter(Mandatory)]
        [string]$Service
    )

    # Get password from Keychain
    $password = & security find-generic-password -a $Username -s $Service -w 2>$null

    if ($LASTEXITCODE -ne 0) {
        throw "Credential for user '$Username' under service '$Service' not found in Keychain."
    }

    # Convert to SecureString and create PSCredential
    $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential ($Username, $securePassword)

    return $credential
}

Export-ModuleMember -Function Save-MacCredential, Get-MacCredential
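The module above takes the password as a plain string parameter, so whoever calls Save-MacCredential still ends up typing the secret into a script or into the shell history, which is what the post sets out to avoid. The following companion functions are an added example, not part of the module the post publishes: they accept a PSCredential obtained from Get-Credential, unwrap the password only for the instant of the `security` call, and add an existence check and a removal function for when an account is retired or rotated. The function names Save-MacCredentialFromPSCredential, Test-MacCredential and Remove-MacCredential are this example's own; the `security` subcommands it uses (add-generic-password -U, find-generic-password, delete-generic-password) are the real ones.

```powershell
# Added example: companion functions for MacKeychainCredential.psm1.
# They reuse the same `security` CLI; the function names are this example's own.

function Test-MacCredential {
    # Returns $true when an entry exists for the account/service pair,
    # without printing the secret (no -w flag).
    param (
        [Parameter(Mandatory)][string]$Username,
        [Parameter(Mandatory)][string]$Service
    )
    $null = & security find-generic-password -a $Username -s $Service 2>$null
    return ($LASTEXITCODE -eq 0)
}

function Save-MacCredentialFromPSCredential {
    # Stores a PSCredential (e.g. from Get-Credential) so the password never
    # appears in script text or shell history. It is unwrapped only for the
    # `security` call; for that instant it is visible in the process argument
    # list to other local users, which is a limit of the CLI, not of this code.
    param (
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][string]$Service
    )
    $plain = $Credential.GetNetworkCredential().Password
    try {
        # -U updates an existing item in place, so one call covers create and rotate
        & security add-generic-password -U -a $Credential.UserName -s $Service -w $plain | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "security add-generic-password failed with exit code $LASTEXITCODE"
        }
    }
    finally {
        # Drop the plaintext reference as soon as it is no longer needed
        $plain = $null
    }
    Write-Host "Credential for '$($Credential.UserName)' under service '$Service' saved to Keychain."
}

function Remove-MacCredential {
    # Deletes the Keychain item, e.g. when an account is retired
    param (
        [Parameter(Mandatory)][string]$Username,
        [Parameter(Mandatory)][string]$Service
    )
    & security delete-generic-password -a $Username -s $Service 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Credential for user '$Username' under service '$Service' not found in Keychain."
    }
}

# Usage (interactive; nothing secret is written into this script):
# $cred = Get-Credential -UserName 'adminuser' -Message 'Password for vCenter01'
# Save-MacCredentialFromPSCredential -Credential $cred -Service 'vCenter01'
# Test-MacCredential -Username 'adminuser' -Service 'vCenter01'    # $true after the save
# Remove-MacCredential -Username 'adminuser' -Service 'vCenter01'
```

Test-MacCredential deliberately omits `-w`, so it can confirm that an entry exists without ever pulling the password into the PowerShell session; use it in pre-flight checks where the secret itself is not needed.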

Use this module

Save this as MacKeychainCredential.psm1 in a folder (e.g., ~/PowerShellModules/MacKeychainCredential)

Import and use the module

# Import the module
Import-Module ~/PowerShellModules/MacKeychainCredential/MacKeychainCredential.psm1

# Save credentials to Keychain
Save-MacCredential -Username "adminuser" -Service "vCenter01" -Password "s3cr3tP@ssw0rd"

# Retrieve as PSCredential
$cred = Get-MacCredential -Username "adminuser" -Service "vCenter01"

# Example: Use in Invoke-RestMethod or PowerCLI
# Connect-VIServer -Server vcenter01.domain.com -Credential $cred
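One thing the usage block above leaves implicit is that a script should not carry the password even for its very first run. The following added example (mine, not from the post) wraps the module's own Get-MacCredential and Save-MacCredential so that the first run prompts once with Get-Credential and stores the answer, and every later run reads the credential silently from the Keychain. The function name Get-OrSaveMacCredential and the host name vcenter01.example.com are this example's own, and it assumes the module above has already been imported.

```powershell
# Added example: bootstrap a credential on first use, read it from the Keychain afterwards.
# Assumes MacKeychainCredential.psm1 from above is imported (Get-MacCredential, Save-MacCredential).
function Get-OrSaveMacCredential {
    param (
        [Parameter(Mandatory)][string]$Username,
        [Parameter(Mandatory)][string]$Service
    )
    try {
        # Normal path: the entry exists and no prompt is shown
        return Get-MacCredential -Username $Username -Service $Service
    }
    catch {
        # First run (or a deleted entry): ask interactively, never read from the script text
        Write-Host "No Keychain entry for '$Username' under '$Service'; prompting once."
        $cred = Get-Credential -UserName $Username -Message "Password for $Service"
        if (-not $cred) { throw "No credential supplied for '$Service'." }
        # The module's Save function takes a plain string; it is unwrapped only for this call
        Save-MacCredential -Username $Username -Service $Service `
            -Password $cred.GetNetworkCredential().Password
        return $cred
    }
}

# A script that uses the pattern (hypothetical host name):
$cred = Get-OrSaveMacCredential -Username 'adminuser' -Service 'vCenter01'

# Consumers take the PSCredential directly, so the plaintext never appears in the script:
# Invoke-RestMethod -Uri 'https://vcenter01.example.com/api/session' -Method Post `
#     -Credential $cred -Authentication Basic
# Connect-VIServer -Server vcenter01.example.com -Credential $cred
```

The catch block treats any failure of Get-MacCredential as "entry missing", so a locked or unavailable keychain would also fall through to the prompt; if that matters in your environment, check the exit code of `security find-generic-password` separately before prompting.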
