This article demonstrates how to leverage the built-in Credential Manager in Windows 11 for storing your credentials in PowerShell / PowerCLI scripts.
The story behind this article is that I wanted to build some scripts for VM provisioning and such in my homelab without storing my passwords in plain-text in the script.
By leveraging the -credential parameter and the Windows Credential Manager on my Windows 11 system I’m avoiding the use of usernames and passwords in the script.
Windows 11 Credential Manager
Credential Manager isn’t a new feature, but it’s still very useful on Windows 11 systems.
The Credential Manager on Windows 11 has the following key features:
- Store a user’s sign-in information for sites and applications.
- Store sign-in data for networks such as shared drives or mapped network drives.
- View, add, remove, and create back-ups of all your stored credentials.
In this article I will connect to a VMware vCenter Server 7.0 using the -credential parameter in PowerCLI.
First I will show my current Credential Manager in Windows 11.
Press Win+S and type Credential Manager.
Switch from the Web Credentials view to the Windows Credentials view.
These are my existing credentials today. Later on in this article we will see a new credential being added here.
The benefits of using Windows Credential Manager to store your PowerShell credentials are:
- Super easy to connect to VMware ESXi hosts and/or vCenter Servers using the -credential parameter
- No more saving your username and password inside the script.
- Credentials Stored in the Credential Manager are associated with your Windows user account, which are
not transferable between other users on the system. - Credentials Stored in the Credential Manager are associated with your Windows user account, which are
not transferable between systems.
Install the Credential Manager module in PowerShell
To save new credentials in the Windows Credential Manager we will use the New-StoredCredential, which is not available by default: A PowerShell Module must be installed first.
Run the following command to install the Windows Credential Manager module
Install-Module -Name CredentialManager -forceAfter installing, the following three new commands will be available:
Get-StoredCredential
New-StoredCredential
Remove-StoredCredentialAs with any other PowerShell cmdlet, you can display the syntax for any of these cmdlets by using PowerShell’s Get-Help cmdlet. We have to type Get-Help, followed by the cmdlet’s name that we need help with.
For example, if we wanted to see the syntax for the New-StoredCredential cmdlet, we would type:
Get-Help New-StoredCredential
Add new credentials to the Credential Manager
Step 1 is to add a new credential to the Credential Manager.
This can be done using the GUI, but in this example I will add new vCenter Server credentials using CLI with the New-StoredCredential command.
New-StoredCredential -Target "vCenter-Server" -Persist "LocalMachine" -Credentials $(Get-Credential)Fill in your username & password, choose OK and head back to the Windows Credential Manager.
The result will look like the example below.
Refresh your Windows Credential Manager and you will see the
Use the credentials in our script
Head back to the PowerShell window and run the following commands:
$VCSA = 'vcsa01.vmroe.local'
$Credential = Get-StoredCredential -Target 'vCenter-Server'
Connect-VIServer $VCSA -Credential $Credential
The result will look like the following figure
Remove the credentials from the Windows Credential Manager
If you don’t need the credentials anymore, you can easily remove the credentials from the Windows Credential Manager by running to following command:
$Credential = 'vCenter-Server'
Remove-StoredCredential -Target $CredentialHappy coding!
External resources
VMware Developer page for Connect-VIServer
Microsoft Support page for Credential Manager
Other articles on vBlog related to automation
