PowerShell Handling Secrets and Credentials Accessing the Plaintext Password


Example

The password in a credential object is an encrypted [SecureString]. The most straightforward way is to get a [NetworkCredential] which does not store the password encrypted:

$credential = Get-Credential
$plainPass = $credential.GetNetworkCredential().Password

The helper method (.GetNetworkCredential()) only exists on [PSCredential] objects.
To directly deal with a [SecureString], use .NET methods:

$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secStr)
$plainPass = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)