Contact Info

Crumbtrail » Administration » Powershell » Powershell 1.0 » ConvertTo-SecureString

ConvertTo-SecureString - Powershell 1.0 CmdLet

Microsoft Windows PowerShell is a command-line shell and scripting tool based on the Microsoft .NET Framework. It is designed for system administrators, engineers and developers to control and automate the administration of Windows and applications.

More than hundred command-line tools (so called "cmdlets") can be used to perform system administration tasks and Windows Management Instrumentation (WMI). These cmdlets are easy to use, with standard naming conventions and common parameters, and standard tools for piping, sorting, filtering, and formatting data and objects.


Convert an encrypted standard string into a secure string


        The string to convert to a secure string
        The encryption key as a secure string,
        this is converted to a byte array before being used as the key.
        Valid key lengths are 16, 24, and 32 bytes
   -key Byte
        The encryption key as a byte array.
        Valid key lengths are 16, 24, and 32 bytes

        A plain text string to convert to a secure string.
        The text is not encrypted so the input is not protected/confidential
        To use this option, you must also specify -Force
        Set this to confirm that you understand the security risks of using PlainText

        The common parameters: -Verbose, -Debug,-ErrorAction, -ErrorVariable, -OutVariable

Create a secure string from plain text:

PS C:\>$my_secure_password_string = convertto-securestring "P@ssW0rD!" -asplaintext -force

Creates a secure string using the Read-Host cmdlet:

PS C:\>$my_secure_password_string = read-host -assecurestring

Save an encrypted string to disc:

PS C:\>$my_encrypted_string = convertfrom-securestring $my_secure_password_string -key (1..16)
PS C:\>$my_encrypted_string > password.txt

Read an encrypted string from disc and convert back to a secure string:

PS C:\>$my_secure_password_string = convertto-securestring (get-content password.txt) -key (1..16)