0

I understand that I can use both methods to save a password to a text file:

Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File C:\cred.txt

and 

Get-Credential | Export-Clixml c:\cred.xml

I also understand that both methods make the password accessible only to the account that created the output file and on the machine where it was created. That said, is one method more secure than the other? Are there other benefits or risks associated with one or the other?

Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328
StackExchangeGuy
  • 741
  • 16
  • 36
  • If you are concerned about security, you can use a key.. Try this.. http://www.adminarsenal.com/admin-arsenal-blog/secure-password-with-powershell-encrypting-credentials-part-2/ If you use a key, the encryption is not scoped out of the session anymore – Prageeth Saravanan Jan 11 '17 at 14:41
  • Yeah, I thought about that, but then I also have to secure the key. – StackExchangeGuy Jan 11 '17 at 14:47

1 Answers1

1

None of the two approaches is more secure than the other. Their only differences are that one prompts for credentials with a GUI dialog and stores the data as XML, whereas the other prompts on the console and stores the data in an unstructured text file.

Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328