This article demonstrates how to leverage the built-in Credential Manager in Windows 11 for storing your credentials in PowerShell / PowerCLI scripts.

The story behind this article is that I wanted to build some scripts for VM provisioning and such in my homelab without storing my passwords in plain-text in the script.

By leveraging the -credential parameter and the Windows Credential Manager on my Windows 11 system I’m avoiding the use of usernames and passwords in the script.

Windows 11 Credential Manager

Credential Manager isn’t a new feature, but it’s still very useful on Windows 11 systems.
The Credential Manager on Windows 11 has the following key features:

  • Store a user’s sign-in information for sites and applications.
  • Store sign-in data for networks such as shared drives or mapped network drives.
  • View, add, remove, and create back-ups of all your stored credentials.

In this article I will connect to a VMware vCenter Server 7.0 using the -credential parameter in PowerCLI.

First I will show my current Credential Manager in Windows 11.

Press Win+S and type Credential Manager.

Open the Windows Credential Manager
Open Windows 11 Credential Manager

Switch from the Web Credentials view to the Windows Credentials view.
These are my existing credentials today. Later on in this article we will see a new credential being added here.

Windows 11 Credential Manager
Windows 11 Credential Manager

The benefits of using Windows Credential Manager to store your PowerShell credentials are:

  • Super easy to connect to VMware ESXi hosts and/or vCenter Servers using the -credential parameter
  • No more saving your username and password inside the script.
  • Credentials Stored in the Credential Manager are associated with your Windows user account, which are
    not transferable between other users on the system.
  • Credentials Stored in the Credential Manager are associated with your Windows user account, which are
    not transferable between systems.

Install the Credential Manager module in PowerShell

To save new credentials in the Windows Credential Manager we will use the New-StoredCredential, which is not available by default: A PowerShell Module must be installed first.

The term 'New-StoredCredential' cmdlet is not recognized as a name of a cmdlet, function, script file, or executable program.
The term ‘New-StoredCredential’ cmdlet is not recognized as a name of a cmdlet, function, script file, or executable program.

Run the following command to install the Windows Credential Manager module

Install-Module -Name CredentialManager -force

After installing, the following three new commands will be available:

Get-StoredCredential
New-StoredCredential
Remove-StoredCredential

As with any other PowerShell cmdlet, you can display the syntax for any of these cmdlets by using PowerShell’s Get-Help cmdlet. We have to type Get-Help, followed by the cmdlet’s name that we need help with.

For example, if we wanted to see the syntax for the New-StoredCredential cmdlet, we would type:

Get-Help New-StoredCredential
Get-Help NewStoredCredential
Get-Help NewStoredCredential

Add new credentials to the Credential Manager

Step 1 is to add a new credential to the Credential Manager.
This can be done using the GUI, but in this example I will add new vCenter Server credentials using CLI with the New-StoredCredential command.

New-StoredCredential -Target "vCenter-Server" -Persist "LocalMachine" -Credentials $(Get-Credential)

Fill in your username & password, choose OK and head back to the Windows Credential Manager.
The result will look like the example below.

New-StoredCredential command
New-StoredCredential command

Refresh your Windows Credential Manager and you will see the

Windows 11 Credential Manager
The new vCenter Server credentials have been added to the Credential Manager

Use the credentials in our script

Head back to the PowerShell window and run the following commands:

$VCSA = 'vcsa01.vmroe.local'
$Credential = Get-StoredCredential -Target 'vCenter-Server'
Connect-VIServer $VCSA -Credential $Credential

The result will look like the following figure

Connect-VIServer $VCSA -Credential $Credential
Connect-VIServer $VCSA -Credential $Credential

Remove the credentials from the Windows Credential Manager

If you don’t need the credentials anymore, you can easily remove the credentials from the Windows Credential Manager by running to following command:

$Credential = 'vCenter-Server'
Remove-StoredCredential -Target $Credential

Happy coding!

External resources

VMware Developer page for Connect-VIServer

Microsoft Support page for Credential Manager

Other articles on vBlog related to automation

 72 total views,  1 views today