First create a key which will be used to encrypt the plain text password
$Key = New-Object Byte[] 16 # You can use 16, 24, or 32 for AES [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key) $Key | out-file ".\key"
Now, use the key to save encrypted password to disk
param ( [Parameter(Mandatory=$true)][string]$Password = $( Read-Host "Input password, please" ) ) $Key = Get-Content ".\key" $Password | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString -Key $key | out-file ".\pwd"
And finally use the key to get the password from disk and create credentials with it.
$Key = Get-Content ".\key" $User = "CONTOSO\someuser" $Pass = Get-Content ".\pwd" $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, ($Pass | ConvertTo-SecureString -Key $key)
Key is used so any user can decrypt the password. If no key is used, the string value produced is bount to the current users GUID