PSCredMan

This is a PowerShell module (written in C#) for securing passwords in scripts.
The password is encrypted using a self-signed certificate stored in the service account's (or computer's) certificate store, so the encrypted password can be left in the script in "readable" form.
Using the certificate issued directly to the service account the script runs under is the only way to decrypt the password. This means only people who have the username and password of the service account can actually decrypt it.

NOTE: PowerShell does not really contain ANY good way to fully secure a password. Be aware that the password, once decrypted, is stored as a "SecureString", which can still be decrypted (SecureString in PowerShell is NOT secure!)

But this is the most secure way I've been able to secure passwords in PowerShell scripts.

NOTE2: Because of the nature of the certificate (it cannot be exported), you cannot copy the script to another computer without changing the password!

Usage:

# Import DLL file
Import-Module {pathTO}PSCredman.dll

# Encrypt password:
New-CredManEntry
$EncryptedPassword = Set-CredManEntry -Password {UnencryptedPassword}
# Store the encrypted string in the script ({EncryptedPassword} is a placeholder):
$MyEncryptedPW = "{EncryptedPassword}"

# Retrieve password:
$Cred = Get-CredManEntry -EncryptedPassword $MyEncryptedPW -Username svc_serviceaccount@domain.local

# (Returns Credentials object with username and password as encrypted string)
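
The same idea built only from cmdlets that ship with Windows PowerShell 5.1+, as an added example: this is not PSCredMan's code, and the page does not show how the module encrypts internally. It encrypts to a self-signed certificate with a non-exportable key in the current user's store, then shows the SecureString caveat from the NOTE above; the subject name and sample password are constructed.

```powershell
# Added example: built-in cmdlets only, not PSCredMan's implementation.
# Run as the account that will later run the script.

# 1. Self-signed document-encryption certificate whose private key is
#    non-exportable, stored in the current user's certificate store.
$certParams = @{
    Subject           = 'CN=ScriptSecret-Demo'     # constructed name
    CertStoreLocation = 'Cert:\CurrentUser\My'
    Type              = 'DocumentEncryptionCert'
    KeyUsage          = 'KeyEncipherment', 'DataEncipherment'
    KeyExportPolicy   = 'NonExportable'
}
$cert = New-SelfSignedCertificate @certParams

# 2. Encrypt once. The result is an ASCII-armoured CMS block that can be
#    pasted into the script; it is useless without the private key.
$plain     = 'Constructed-Passw0rd!'               # constructed sample value
$encrypted = Protect-CmsMessage -To $cert -Content $plain

# 3. At run time: decrypt with the key from the store and wrap the result
#    in a PSCredential, as a script would before calling a remote service.
$secure = Unprotect-CmsMessage -Content $encrypted |
    ConvertTo-SecureString -AsPlainText -Force
$cred = [pscredential]::new('svc_serviceaccount@domain.local', $secure)

# 4. The caveat: once decrypted, any code running in this session as this
#    account can read the plaintext back out of the SecureString.
$recovered = $cred.GetNetworkCredential().Password
if ($recovered -ne $plain) { throw 'Round trip failed' }
'Plaintext recoverable in-process: {0}' -f ($recovered -eq $plain)

# 5. Clean up the demo certificate together with its private key.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
```

The protection therefore rests on who can run code as the account that holds the private key, not on the SecureString wrapper.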
software/utilities/pscredman.txt · Last modified: 2021/06/30 00:53 (external edit)