Search code examples
windowspowershellcredential-manager

Add new entries to the Windows Credentials Vault

I want to be able to add multiple entries to my Windows Credentials Vault using PowerShell.

I searched a bit and came across this code:

[Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
$vault = New-Object Windows.Security.Credentials.PasswordVault
$cred = New-Object windows.Security.Credentials.PasswordCredential
$cred.Resource = 'My Credentials'
$cred.UserName = 'MyDomain\MyUserName'
$cred.Password = 'MyPassword'
$vault.Add($cred)
Remove-Variable cred # So that we don't have the password lingering in memory!

The problem is that the new entry is stored in the Web Credential Vault and not in the Windows Credentials Vault. I must be missing something. How can I fix it?

PS: I know there are better ways to store the password, but that not what's important here. Let’s just focus on the vault please. :)

Solution

  • Continuing from my comment, look at these tools:

    Find-Module -name '*credential*' | Format-Table -AutoSize
# Results
<#
Version        Name                          Repository Description
-------        ----                          ---------- -----------
2.0            CredentialManager             PSGallery  Provides access to credentials in the Windows Credential Manager
1.1.0          CredentialSpec                PSGallery  Tools to create and find Credential Spec files used to run Windows Server Containers with Active Directory ide...
1.1            VPNCredentialsHelper          PSGallery  A simple module to set the username and password for a VPN connection through PowerShell. Huge thanks to Jeff ...
1.0.4          WindowsCredential             PSGallery  Management module for Windows Credential Store.
3.6.30         CredentialRetriever           PSGallery  Retrieve Credentials from CyberArk Central Credential Provider Web Service, or Local Credential Provider using...
1.1.0          PSCredentialTools             PSGallery  PSCredentialTools provides various methods for securely storing and retrieving credentials used in PowerShell ...
1.0.0.0        SelectCredential              PSGallery  A module for selecting the credential stored in variables
1.1            CredentialsManager            PSGallery  The module Credentials Manager provides you with convenient and safe way to store your credentials to file sys...
1.0            NubusTech.CredentialStore     PSGallery  CredentialStore saves powershell credentials securely to file
1.3            MiCredentialModule            PSGallery  Saves/Retrieves credentials to/from a file (with encrypted password) so you can automate tasks that need diffe...
1.0.5          AxCredentialVault             PSGallery  Grants fast, secure access to credential objects in Azure
1.3            vaultcredential               PSGallery  Manages credentials in the credential vault
0.0.1          SecureCredentials             PSGallery  This module allow to secure store encrypted credentials for running powershell daemon
1.0.11         pscredentialmanager           PSGallery  This module allows management and automation of Windows cached credentials.
4.5            BetterCredentials             PSGallery  A (compatible) major upgrade for Get-Credential, including support for storing credentials in Windows Credenti...
2.1.0          PSJsonCredential              PSGallery  A set of commands for exporting and importing PSCredentials to a json file.
1.0.3          CredentialManagement          PSGallery  Manage Credentials stored in the Windows Credential Manager
1.0.0          CredentialLocker              PSGallery  CredentialLocker is a module that provides commandlets to manage credentials in the password vault....
3.0            CredentialUtility             PSGallery  This is a credential manager tool which comes with handy PowerShell cmdlets { Get-Password; Save-Password; Sho...
1.2.2.20190715 SimplyCredential              PSGallery  Simply Module for windows credentials.
1.1.7          CredentialStore               PSGallery  CredentialStore saves powershell credentials securely to file
1.1            PS.CredentialManager          PSGallery  A credential manager module for PowerShell. Securely stores and retrieves credentials using the Windows Data P...
1.1.1.0        IntelliTect.CredentialManager PSGallery  Provides an easy-to-use interface to the Windows Credential Manager via PowerShell.
2.0.4.0        StoredPSCredential            PSGallery  Stores serialized PSCredential objects in HKCU and retrieves them. Encryption can only be reversed by the same...
1.0.2          Get-AwsTemporaryCredential    PSGallery  Retrieves AWS Credentials from a stored profile and uses these to obtain temporary credentials for the specifi...
1.0.548        PSCredentialStore             PSGallery  A simple credential manager to store and reuse multiple credential objects.
1.0.0.0        BAMCIS.CredentialManager      PSGallery  Provides a PowerShell wrapper around the Windows Credential Manager Win32 APIs.
0.1.1          SCOrchDev-StoredCredential    PSGallery  A module retrieving PSCredential from credential manager. Forked from https://gist.github.com/toburger/2947424...
1.0.1          MrACredential                 PSGallery  A module to manage creating, saving, and importing credentials using encryption keys.
1.1.7          CredentialStore.AzureKeyVault PSGallery  Import and Export functionality to sync CredentialStore with Azure KeyVault
1.1            New-Credential                PSGallery  Simply creates an object (System.Management.Automation.PSCredential) that can be used with the parameter "-Cre...
1.0.7          TUN.Credentials               PSGallery  Provides easy to use methods to manage and use credentials. Documentation of module at https://github.com/echa...
2.1            SecuredCredential             PSGallery  SecuredCredential Routines for modules supported. This module is published in my new book 'Cloud Integration C...
#>

Install-Module -Name CredentialManager
Import-Module -name CredentialManager
(Get-Module -Name CredentialManager).ExportedCommands
# Results
<#
Key                     Value
---                     -----
Get-StoredCredential    Get-StoredCredential
Get-StrongPassword      Get-StrongPassword
New-StoredCredential    New-StoredCredential
Remove-StoredCredential Remove-StoredCredential
#>

# Get specifics for a module, cmdlet, or function
(Get-Command -Name New-StoredCredential ).Parameters
(Get-Command -Name New-StoredCredential ).Parameters.Keys
Get-help -Name New-StoredCredential  -Examples
Get-help -Name New-StoredCredential  -Full
Get-help -Name New-StoredCredential  -Online

# Find all cmdlets / functions with a target parameter
Get-Command -CommandType Cmdlet |
Where-Object {
    Try {$PSItem.parameters.keys -match 'credential'}
    Catch{}
}|
Out-GridView -PassThru -Title '
Available cmdlets which has a specific parameter'

Get-Command -CommandType Function |
Where-Object {
    Try {$PSItem.parameters.keys -match 'credential'}
    Catch{}
}|
Out-GridView -PassThru -Title '
Available functions which has a specific parameter'

# Get property enums/options for a specifc cmdlet/function
(Get-Service | Select-Object -First 1).Status.GetType()
[System.ServiceProcess.ServiceControllerStatus]::
GetNames([System.ServiceProcess.ServiceControllerStatus])

    Also, look at this: Secrets Management Development Release

    What is Secrets Management?

    The Secrets Management module helps users manage secrets by providing a set of cmdlets that let you store secrets locally, using a local vault provider, and access secrets from remote vaults. This module supports an extensible model where local and remote vaults can be registered and unregistered on the local machine, per user, for use in accessing and retrieving secrets. The module leverages existing secrets vaults, for example it uses Credential Manager (Cred Man), to provide the default local vault experience on Windows. This module focuses on retrieving/using secrets from existing vaults, leaving the advanced secret/vault management to the existing vaults. While this module will eventually be cross-platform this alpha version of the module currently works only on Windows platforms. For a more detailed explanation of the goals of Secrets Management watch this session from Ignite 2019.

    https://devblogs.microsoft.com/powershell/secrets-management-development-release

    Or just old school:

    cmdkey /?

Creates, displays, and deletes stored user names and passwords.

The syntax of this command is:

CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:password}}} | /delete{:targetname | /ras} | /list{:targetname}]

Examples:

  To list available credentials:
     cmdkey /list
     cmdkey /list:targetname

  To create domain credentials:
     cmdkey /add:targetname /user:username /pass:password
     cmdkey /add:targetname /user:username /pass
     cmdkey /add:targetname /user:username
     cmdkey /add:targetname /smartcard

  To create generic credentials:
     The /add switch may be replaced by /generic to create generic credentials

  To delete existing credentials:
     cmdkey /delete:targetname

  To delete RAS credentials:
     cmdkey /delete /ras

cmdkey /list

Currently stored credentials:

    Target: MicrosoftAccount:target=SSO_POP_Device
    Type: Generic
    User: ...
    Saved for this logon only

    Target: WindowsLive:target=virtualapp/didlogical
    Type: Generic
    User: ...
    Local machine persistence

cmdkey /add:$env:COMPUTERNAME /user:postanote /pass:SomeSuperSecretPassword1

CMDKEY: Credential added successfully.
cmdkey /list

Currently stored credentials:

    Target: MicrosoftAccount:target=SSO_POP_Device
    Type: Generic
    User: ...
    Saved for this logon only

    Target: WindowsLive:target=virtualapp/didlogical
    Type: Generic
    User: ...
    Local machine persistence

    Target: Domain:target=104DB2FE-76B8-4
    Type: Domain Password
    User: postanote