View File

@ -1 +1,84 @@
# PSCredentialStore
| AppVeyor Overall | AppVeyor Master | AppVeyor Dev | | Download |
| :--------------: | :-------------: | :----------: | :-----------: | :--------:|
| [![Build status](]( | [![Build status](]( | [![Build status](]( | [![Coverage Status](]( | [![Download](](
The PSCredentialStore is an simple credential manager for PSCredentials. It stores multiple credential objects in a
simple json file. You can choose between a private and shared store. The private one exists in your profile and can
ony accessed by your account on the same machine. The shared store enables you to use different credentials for your
script without exposing them as plain text.
**The shared store isn't 100% secure and I don't recommend using it in production!**
PSCredentialStore was developed to simplify the delegation of complex powershell scripts. In this case you often
need to store credentials for non interactive usage like in scheduled tasks.
To get started read the [about_PSCredentialStore](/src/en-US/ page.
============ (Recommended Way)
* Make sure you use PowerShell 4.0 or higher with `$PSVersionTable`.
* Use the builtin PackageManagement and install with: `Install-Module PSCredentialStore`
* Done. Start exploring the Module with `Import-Module PSCredentialStore ; Get-Command -Module PSCredentialStore`
Manual Way
* Take a look at the [Latest Release]( page.
* Download the ``.
* Unpack the Zip and put it in your Powershell Module path.
* Don't forget to change the NTFS permission flag in the context menu.
* Start with `Import-Module PSCredentialStore`
Quick Start
**1.** First we need a blank CredentialStore. You can decide between a *private* or *shared* store. The private
Credential Store can only be accessed with your profile on the machine you created it.
# Private Credential Store
# Shared Credential Store
New-CredentialStore -Shared
#Shared CredentialStore in custom Location
New-CredentialStore -Shared -Path 'C:\CredentialStore.json'
**2.** Now you can manage your CredentialStoreItems:
# This will prompt for credentials and stores it in a private store
New-CredentialStoreItem -RemoteHost 'dc01.myside.local' -Identifier 'AD'
# You can now use it in other scripts like this:
$DCCreds = Get-CredentialStoreItem -RemoteHost 'dc01.myside.local' -Identifier 'AD'
Invoke-Command -ComputerName 'dc01.myside.local' -Credential $DCCreds -ScripBlock {Get-Process}
The CredentialStore contains also a simple function to establish a connection with several systems or protocols.
If you have already installed the underlying framework your can connect to:
* **CiscoUcs** - Establish a connection to a Cisco UCS fabric interconnect.
* Required Modules: [`Cisco.UCS.Core`, `Cisco.UCSManager`](!y&mdfid=286305108&softwareid=284574017&release=2.1.1)
* **FTP** - Establish a connection to a FTP host.
* Required Modules: [`WinSCP`](
* **NetAppFAS** - Establish a connection to a NetApp Clustered ONTAP filer.
* Required Modules: [`DataONTAP`](
* **VMware** - Establish a connection to a VMware vCenter or ESXi host.
* Required Modules: [`VMware.VimAutomation.Core`](
Here are some basic examples:
Connect-To -RemoteHost "ucs.myside.local" -Type CiscoUcs
Connect-To -RemoteHost "ftp.myside.local" -Type FTP
Connect-To -RemoteHost "fas.myside.local" -Type NetAppFAS
Connect-To -RemoteHost "esx01.myside.local" -Type VMware

"Version": "1.2.0",
"Creation": "2016-06-14 08:41:10"

View File

@ -0,0 +1 @@

View File

@ -0,0 +1,44 @@
function Get-ChallengeFile {
Reads the challenge file as binary content.
Use this function to tread a challenge file. Returns a [Byte[]] Array.
Specify a file to read.
.\Get-RandomKey -Path "C:\TMP\Challenge.bin"
File Name : Get-ChallengeFile.ps1
Author : Marco Blessing -
Requires :
[Parameter(Mandatory = $false)]
[string]$Path = "{0}\PSCredentialStore\Challenge.bin" -f $env:ProgramData
if (Test-Path $Path) {
try {
catch {
Write-Error ("Could not read file {0}." -f $Path) -ErrorAction Stop

View File

@ -0,0 +1,72 @@
Function Set-ChallengeFile() {
Writes the given key into the challenge file
You can use the file content for ConvertTo-SecureString operations.
The file you wish to create.
Specify the key size for the encryption key.
Use this switch to override an older file version.
.\Set-ChallengeFile -Path "C:\TMP\myfile.json" -Force
File Name : Set-ChallengeFile.ps1
Author : Marco Blessing -
Requires :
[Parameter(Mandatory = $false)]
[string]$Path = "{0}\PSCredentialStore\Challenge.bin" -f $env:ProgramData,
[Parameter(Mandatory = $false)]
[ValidateSet(16, 24, 32)]
[string]$KeySize = "24",
if ((Test-Path -Path $Path)) {
if ($Force -eq $true) {
Remove-Item -Path $Path -Confirm:$false -Force
else {
Write-Error "The given file already exists!. Use the -Force switch to override it." -ErrorAction Stop
$PSCredentialStoreDataDir = Split-Path -Path $Path -Parent
if (-not (Test-Path $PSCredentialStoreDataDir)) {
try {
New-Item -ItemType Directory -Path $PSCredentialStoreDataDir
catch {
Write-Error ("Could not create the parent data dir {0}" -f $PSCredentialDataDir) -ErrorAction Stop
try {
$Keys = Get-RandomKey -Size $KeySize
[io.file]::WriteAllBytes($Path, $Keys)
catch {
$_.Exception | Format-List -Force | Out-String | Write-Error -ErrorAction Stop

View File

@ -0,0 +1,48 @@
function Test-ChallengeFile {
Simple path check for challenge file needed by the CredentialStores.
This is supposed to be a internal function to check the existence for a challenge file.
Specify the path to the challenge file.
If (Test-ChallengeFile) {
Write-Host "The file exists."
Else {
Write-Warning "Couldn't find the given file!"
File Name : Test-ChallengeFile.ps1
Author : Marco Blessing -
Requires :
[Parameter(Mandatory = $false)]
[String]$Path = "{0}\PSCredentialStore\Challenge.bin" -f $env:ProgramData
if (Test-Path $Path) {
else {

View File

@ -0,0 +1,213 @@
function Connect-To {
Connects to the given host using the stored CredentialStoreItem.
Establish a connection to the selected host using a stored CredentialStoreItem.
Specify the host, for which you would like to change the credentials.
.PARAMETER Identifier
Defaults to "". Specify a string, which separates two CredentialStoreItems for the
same hostname.
Specify the host type of the target. Currently implemented targets are:
- CiscoUcs Establish a connection to a Cisco UCS fabric interconnect.
- FTP Establish a connection to a FTP host.
- NetAppFAS Establish a connection to a NetApp Clustered ONTAP filer.
- VMware Establish a connection to a VMware vCenter or ESXi host.
.PARAMETER Credentials
Use this parameter to bypass the stored credentials. Without this parameter Connect-To tries to read the
needed credentials from the CredentialStore. If you provide this parameter you skip this lookup behavior.
So you can use it to enable credentials without preparing any user interaction.
Define a custom path to a shared CredentialStore.
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
Connect-To -RemoteHost "ucs.myside.local" -Type CiscoUcs
Connect-To -RemoteHost "ftp.myside.local" -Type FTP
Connect-To -RemoteHost "fas.myside.local" -Type NetAppFAS
Connect-To -RemoteHost "esx01.myside.local" -Type VMware
$MyCreds = Get-Credential
Connect-To -RemoteHost "vcr01.myside.local" -Type VMware -Credentials $MyCreds
Get-VM -Name "*vlm*" | Select-Object -Property Name
Disconnect-From -RemoteHost "vcr01.myside.local" -Type VMware
File Name : Connect-To.ps1
Author : Marco Blessing -
Requires : PSFTP, PowerCLI
[CmdletBinding(DefaultParameterSetName = "Private")]
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[ValidateSet("CiscoUcs", "FTP", "NetAppFAS", "VMware")]
[Parameter(Mandatory = $False, ParameterSetName = "Shared")]
[Parameter(Mandatory = $False, ParameterSetName = "Private")]
[Parameter(Mandatory = $False, ParameterSetName = "Shared")]
[String]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $false, ParameterSetNAme = "Shared")]
begin {
# First check the optional modules
if (-not (Resolve-Dependency -Name $Type)) {
Write-Error -Message ("Could not resolve the optional dependencies defined for {0}" -f $Type) -ErrorAction 'Stop'
switch ($Type) {
"VMware" {
# Disable the yellow certificate warning, since we haven't replaced the SSL certs for vCenter/ESXi
$null = Set-PowerCLIConfiguration -Scope Session -InvalidCertificateAction Ignore -Confirm:$false
# Disable connecting through proxy, since vCenter isn't somewhere we need a proxy for.
$null = Set-PowerCLIConfiguration -Scope Session -ProxyPolicy NoProxy -Confirm:$false
process {
# Set the correct CredentialStore Path depending on the used ParameterSetName
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
if (-not ($Credentials)) {
# Load the credential from the CredentialStore. If the credential doesn't exist, we need to
# return 1, so a calling if statement can handle the failure detection.
# Check if $Identifier has been defined, in which case we need to use different name for
# the lookup of the CredentialStoreItem.
try {
if ($Identifier -ne "") {
$RemoteHostIdentifier = "{0}/{1}" -f $Identifier, $RemoteHost
$creds = Get-CredentialStoreItem -RemoteHost $RemoteHostIdentifier -Path $Path
else {
$creds = Get-CredentialStoreItem -RemoteHost $RemoteHost -Path $Path
catch {
Write-Message2 ("Unable to look up credential store item for RemoteHost {0}/Identifier {1}!" -f $RemoteHost, $Identifier) -ErrorAction Stop
else {
$creds = $Credentials
if ($creds.UserName -eq "" -or $creds.Password.GetType().Name -ne "SecureString") {
# Write a error message to the log.
Write-Message2 ("Please provide valid credentials for RemoteHost {0}!" -f $RemoteHost) -ErrorAction Stop
else {
switch ($Type) {
"CiscoUcs" {
try {
$handle = Connect-Ucs -Name $RemoteHost -Credential $creds -ErrorAction Stop
$ExecutionContext.SessionState.PSVariable.Set("DefaultUcs", $handle)
catch {
# Write a error message to the log.
Write-Message2 ("Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type) -ErrorAction Stop
"FTP" {
# First establish the FTP session
$WinSCPConParams = @{
Credential = $creds
Hostname = $RemoteHost
Protocol = 'Ftp'
FtpMode = 'Passive'
try {
$Global:WinSCPSession = New-WinSCPSession @WinSCPConParams
catch {
throw "Could not connect to {0} using {1} protocol!" -f $RemoteHost, $Type
# Check the Connection State
if (!($WinSCPSession.Opened)) {
# Check the connection state and find out if the session is still open.
$MessageParams = @{
Message = "Connection to {0} using Type {1} was established. But now it seems to be lost!" -f $RemoteHost, $Type
ErrorAction = "Stop"
Write-Error @MessageParams
"NetAppFAS" {
try {
$null = Connect-NcController -Name $RemoteHost -Credential $creds -ErrorAction Stop -HTTPS
catch {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
Write-Error @MessageParams
"VMware" {
try {
Connect-VIServer -Server $RemoteHost -Credential $creds -ErrorAction Stop | Out-Null
catch {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
Write-Error @MessageParams
default {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to connect to {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
Write-Error @MessageParams

View File

@ -0,0 +1,147 @@
function Disconnect-From {
Terminates a session established with Connect-To using a CredentialStoreItem.
Terminates a session established with Connect-To using a CredentialStoreItem.
Specify the remote endpoint, whose session you would like to terminate.
.PARAMETER Identifier
Defaults to "". Specify a string, which separates two CredentialStoreItems for the
same hostname.
Specify the host type of the target. Currently implemented targets are:
- CiscoUcs Establish a connection to a Cisco UCS Fabric Interconnect.
- FTP Establish a connection to a FTP host.
- NetAppFAS Establish a connection to a NetApp Clustered ONTAP filer.
- VMware Establish a connection to a VMware vCenter or ESXi host.
Force the disconnect, even if the disconnect would fail.
Disconnect-From -RemoteHost "ucs.myside.local" -Type CiscoUcs
Disconnect-From -RemoteHost "ftp.myside.local" -Type FTP
Disconnect-From -RemoteHost "fas.myside.local" -Type NetAppFAS
Disconnect-From -RemoteHost "esx01.myside.local" -Type VMware
Disconnect-From -RemoteHost "esx01.myside.local" -Type VMware -Force:$True
File Name : Disconnect-To.ps1
Author : Marco Blessing -
Requires :
[Parameter(Mandatory = $true)]
[Parameter(Mandatory = $true)]
[ValidateSet("CiscoUcs", "FTP", "NetAppFAS", "VMware")]
[Parameter(Mandatory = $false)]
switch ($Type) {
"VMware" {
try {
if ($Force) {
Disconnect-VIServer -Server $RemoteHost -Confirm:$false -ErrorAction Stop -Force:$true
else {
Disconnect-VIServer -Server $RemoteHost -Confirm:$false -ErrorAction Stop
catch {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
Write-Error @MessageParams
# Check for an existing WinSCP Session var
"FTP" {
if ($Global:WinSCPSession.Opened) {
Remove-WinSCPSession -WinSCPSession $Global:WinSCPSession
else {
$MessageParams = @{
Message = "There is no open WinSCP Session"
ErrorAction = "Stop"
Write-Error @MessageParams
# DataONTAP doesn't have a CmdLet `Disconnect-NcController`.
# So we go ahead and clear the CurrentNcController variable.
"NetAppFAS" {
try {
$MessageParams = @{
Message = "Setting {0} to `$null, which will disconnect NetAppFAS" -f $Global:CurrentNcController
ErrorAction = "Continue"
Write-Verbose @MessageParams
$Global:CurrentNcController = $null
catch {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
Write-Error @MessageParams
"CiscoUcs" {
try {
Disconnect-Ucs -Ucs $RemoteHost
catch {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
Write-Error @MessageParams
default {
# Write a error message to the log.
$MessageParams = @{
Message = "Unable to disconnect from {0} using Type {1}." -f $RemoteHost, $Type
ErrorAction = "Stop"
Write-Error @MessageParams

src/Dependency.json Normal file
View File

@ -0,0 +1,31 @@
"Version": 0.1,
"Mandatory": {},
"Optional": [
"Name": "VMware",
"Modules": [
"Name": "CiscoUCS",
"Modules": [
"Name": "FTP",
"Modules": [
"Name": "NetAppFAS",
"Modules": [

View File

@ -0,0 +1,47 @@
function Get-RandomKey {
Returns a random key
You can use the key for further use with SecureStrings.
Define the key size. You can choose between 16, 24 and 32
Returns a Random key as [Byte[]] array.
.\Get-RandomKey -Size 24
File Name : Get-RandomKey.ps1
Author : Marco Blessing -
Requires :
[Parameter(Mandatory = $true)]
[ValidateSet(16, 24, 32)]
# Init the vars
[Byte[]]$Key = @()
$i = 0
while ($i -ne $size) {
$element = Get-Random -Minimum 0 -Maximum 255
Write-Debug ("The current element is {0}." -f $element)
$Key += $element

View File

@ -0,0 +1,85 @@
function Resolve-Dependency {
Tests defined optional dependencies and returns the result as bool.
Use this function to test for optional modules. You can use it if you provide functions which needs special
modules but you don't want to make them required.
Place a file called Dependency.json in your module root dir. The default format is:
"Version": 0.1,
"Mandatory": {},
"Optional": [
"Name": "VMware",
"Modules": [
"Name": "CiscoUCS",
"Modules": []
Select the dependency item name you defined in the dependency.json.
If (-not (Resolve-Dependency -Name 'VMware')) {
Write-Error -Message ("Could not resolve the optional dependencies defined for {0}" -f 'VMware') -ErrorAction 'Stop'
File Name : ResolveDependency.ps1
Author : Marco Blessing -
Requires :
param (
[Parameter(Mandatory = $true)]
begin {
$ModuleRootDir = $MyInvocation.MyCommand.Module.ModuleBase
$DepFilePath = Join-Path -Path $ModuleRootDir -ChildPath "Dependency.json"
if (Test-Path -Path $DepFilePath) {
$Dependency = Get-Content -Path $DepFilePath -Raw -Encoding UTF8 | ConvertFrom-Json
else {
Write-Warning ("Could not find the dependency file: {0}" -f $DepFilePath)
$res = @()
process {
$SelectedDependency = $Dependency.Optional | Where-Object {$_.Name -match $Name}
foreach ($Module in $SelectedDependency.Modules) {
$res += Test-Module -Name $Module
if ($res -contains $false) {
return $false
else {
return $true
end {

src/Helper/Test-Module.ps1 Normal file
View File

@ -0,0 +1,104 @@
function Test-Module {
Tests if the given module exists on the local system.
Tests if the given module is installed on the local system. It returns a bool value as result.
Define a item name you need to test
Define the dependency type. This could be a Module or PSnapin.
.PARAMETER MessagePattern
You an optionally adjust the message pattern for the error message itself.
The available placeholders are:
- {0} : Type
- {1} : Name
This switch forces the entire script to stop if the given dependency object fails.
.\Test-Dependency -Name 'VMware.PowerCLI' -Type 'Module'
.\Test-Dependency -Name 'VMware.PowerCLI' -Type 'Module' -StopIfFails
File Name : Get-RandomKey.ps1
Author : Marco Blessing -
Requires :
[Parameter(Mandatory = $true)]
[Parameter(Mandatory = $false)]
[ValidateSet('Module', 'PSSnapin', 'Custom')]
[string]$Type = 'Module',
[Parameter(Mandatory = $false)]
[string]$MessagePattern = @"
Could not find the required {0} called {1}. Please install the required {0} to run this function!
[Parameter(Mandatory = $false)]
begin {
process {
$Message = $MessagePattern -f $Type, $Name
Write-Debug $Message
switch ($Type) {
'Module' {
if (Get-Module -Name $Name -ListAvailable) {
return $true
else {
if ($StopIfFails) {
Write-Error -Message $Message -ErrorAction Stop -Category NotInstalled
return $false
'PSSnapin' {
if (Get-PSSnapin -Name $Name -Registered) {
return $true
else {
if ($StopIfFails) {
Write-Error -Message $Message -ErrorAction Stop -Category NotInstalled
return $false
'Custom' {
Throw 'Custom tests are not implemented yet!'
end {

View File

@ -0,0 +1,109 @@
function Get-CredentialStoreItem {
Returns the Credential from a given remote host item.
Return the credential as PSCredential object.
Specify the host, for which you would like to change the credentials.
.PARAMETER Identifier
Provide a custom identifier to the given remote host key. This enables you to store multiple credentials
for a single remote host entry. For example ad/sys1, ftp/sys1, mssql/sys1
Define a custom path to a shared CredentialStore.
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
$myCreds = Get-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
File Name : Get-CredentialStoreItem.ps1
Author : Marco Blessing -
Requires :
[CmdletBinding(DefaultParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
# First set a constand path for private CredentialStore mode.
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
else {
$CredentialName = $RemoteHost
if (Test-CredentialStore -Path $Path) {
$CS = Get-CredentialStore -Path $Path
$CSMembers = Get-Member -InputObject $CS
# Let`s first check if the given remote host exists as object property
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -eq $CredentialName)) {
if ($CS.Type -eq "Private") {
$CSItem = [ordered]@{
User = $CS.$CredentialName.User
Password = ConvertTo-SecureString -String $CS.$CredentialName.Password
else {
$Key = Get-ChallengeFile
$CSItem = [ordered]@{
User = $CS.$CredentialName.User
Password = ConvertTo-SecureString -String $CS.$CredentialName.Password -Key $Key
New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $CSItem.User, $CSItem.Password
else {
$MsgParams = @{
ErrorAction = "Stop"
Message = "Could not find credentials for the given remote host: {0}" -f $RemoteHost
Write-Error @MsgParams
else {
$MsgParams = @{
ErrorAction = "Stop"
Message = "The given credential store ({0}) does not exist!" -f $Path
Write-Error @MsgParams

View File

@ -0,0 +1,135 @@
function New-CredentialStoreItem {
Adds a credential store item containing host, user and password to the given store.
The credentials are stored without any relations to it's further use. If you need to change an existing
item please use Set-CredentialStoreItem. You need to decide afterwards, whether to use the credential for
a VIConnection, NetApp FAS or UCS Fabric Interconnect.
Define the store in which you would like to add a new item.
The identifier or rather name for the given credentials.
.PARAMETER Identifier
Provide a custom identifier to the given remote host key. This enables you to store multiple credentials
for a single remote host entry. For example ad/sys1, ftp/sys1, mssql/sys1
.PARAMETER Credential
You can provide credentials optionally as pre existing pscredential object.
New-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
File Name : New-CredentialStoreItem.ps1
Author : Marco Blessing -
Requires :
[CmdletBinding(DefaultParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false)]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
# First set a constand path for private CredentialStore mode.
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
# Lets do a quick test on the given CredentialStore.
if (-not(Test-CredentialStore -Path $Path)) {
$MessageParams = @{
Message = "Could not add anything into the given CredentailStore."
ErrorAction = "Stop"
Write-Error @MessageParams
# Read the file content based on the given ParameterSetName
$CSContent = Get-CredentialStore -Path $Path
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
else {
$CredentialName = $RemoteHost
if (-not($Credential)) {
$Credential = Get-Credential -Message $CredentialName
if ($Credential.UserName) {
if ($CSContent.Type -eq "Shared") {
$Key = Get-ChallengeFile
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password -Key $Key
else {
$encypted = ConvertFrom-SecureString -SecureString $Credential.Password
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
$MessageParams = @{
Message = "The given host already exists. Nothing to do here."
Write-Warning @MessageParams
else {
$CredentialHash = [ordered]@{
User = $Credential.UserName
Password = $encypted
Creation = $CurrentDate
Add-Member -InputObject $CSContent -Name $CredentialName -MemberType NoteProperty -Value $CredentialHash
try {
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
catch [System.Exception] {
$MessageParams = @{
Message = "Couldn't add item into credential store!"
ErrorAction = "Stop"
Write-Error @MessageParams
else {
$MessageParams = @{
Message = "Please Provide at least a valid user!"
ErrorAction = "Stop"
Write-Error @MessageParams

View File

@ -0,0 +1,94 @@
function Remove-CredentialStoreItem {
Remove the given credentials from the credential store.
Use this CMDLet to completely remove an credential store item.
Define the store in which your given host entry already exists.
Specify the host you for which you would like to change the credentials.
.PARAMETER Identifier
Defaults to "". Specify a string, which separates two CredentialStoreItems for the
same hostname.
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
Remove-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
Remove-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
File Name : Remove-CredentialStoreItem.ps1
Author : Marco Blessing -
Requires :
[CmdletBinding(DefaultParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
# First set a constand path for private CredentialStore mode.
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
# Lets do a quick test on the given CredentialStore.
if (-not(Test-CredentialStore -Path $Path)) {
$MessageParams = @{
Message = "Could not add anything into the given CredentailStore."
ErrorAction = "Stop"
Write-Error @MessageParams
# Read the file content based on the given ParameterSetName
$CSContent = Get-CredentialStore -Path $Path
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
else {
$CredentialName = $RemoteHost
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
# We need to use the .NET Method because there is no easier way in PowerShell.
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
else {
$MessageParams = @{
Message = "The given CredentailStoreItem does not exist."
Write-Warning @MessageParams

View File

@ -0,0 +1,114 @@
function Set-CredentialStoreItem {
Changes the credentials for the given remote host in the store.
Define the store in which your given host entry already exists.
Specify the host you for which you would like to change the credentials.
.PARAMETER Identifier
Defaults to "". Specify a string, which separates two CredentialStoreItems for the
same hostname.
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local"
Set-CredentialStoreItem -Path "C:\TMP\mystore.json" -RemoteHost "esx01.myside.local" -Identifier svc
File Name : Set-CredentialStoreItem.ps1
Author : Marco Blessing -
Requires :
[CmdletBinding(DefaultParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true, ParameterSetName = "Private")]
[Parameter(Mandatory = $true, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
# First set a constant path for private CredentialStore mode.
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
# Lets do a quick test on the given CredentialStore.
if (-not(Test-CredentialStore -Path $Path)) {
$MessageParams = @{
Message = "Could not add anything into the given CredentailStore."
ErrorAction = "Stop"
Write-Error @MessageParams
# Read the file content based on the given ParameterSetName
$CSContent = Get-CredentialStore -Path $Path
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
else {
$CredentialName = $RemoteHost
$Creds = Get-Credential -Message $CredentialName
if ($Creds.UserName) {
if ($CSContent.Type -eq "Shared") {
$Key = Get-ChallengeFile
$encypted = ConvertFrom-SecureString -SecureString $Creds.Password -Key $Key
else {
$encypted = ConvertFrom-SecureString -SecureString $Creds.Password
if (Get-Member -InputObject $CSContent -Name $CredentialName -Membertype Properties) {
$CSContent.$CredentialName.User = $Creds.UserName
$CSContent.$CredentialName.Password = $encypted
$CSContent.$CredentialName.Creation = $CurrentDate
ConvertTo-Json -InputObject $CSContent | Out-File -FilePath $Path
else {
$MessageParams = @{
Message = "The given CredentailStoreItem does not exist."
Write-Warning @MessageParams
Else {
$MessageParams = @{
Message = "Please Provide at least a valid user!"
ErrorAction = "Stop"
Write-Error @MessageParams

View File

@ -0,0 +1,93 @@
function Test-CredentialStoreItem() {
Checks if the given RemoteHost identifier combination exists in the credential store.
Use this cmdlet for basic checks with a single item. Check the item first with this function before
you try to interact with it.
Define a custom credential store you try to read from. Without the `-Path` parameter
`Test-CredentialStoreItem` tries to read from the default private store.
Specify the host, for which you would like to change the credentials.
.PARAMETER Identifier
Adds an optional identifier to the given RemoteHost. Makes it possible to store multiple credentials
for a single host.
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
If (Test-CredentialStoreItem -RemoteHost "Default") {
Get-CredentialStoreItem -RemoteHost "Default"
Else {
Write-Warning ("The given Remote Host {0} does not exist in the credential Store!" -f $RemoteHost)
File Name : Test-CredentialStoreItem.ps1
Author : Marco Blessing -
Requires :
[CmdletBinding(DefaultParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $true)]
[Parameter(Mandatory = $false)]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
if ($Identifier -ne "") {
$CredentialName = $RemoteHost = "{0}/{1}" -f $Identifier, $RemoteHost
else {
$CredentialName = $RemoteHost
if (Test-CredentialStore -Path $Path) {
$CS = Get-CredentialStore -Path $Path
$CSMembers = Get-Member -InputObject $CS
if (($CSMembers.MemberType -eq "NoteProperty") -and ($CSMembers.Name -eq $CredentialName)) {
return $true
else {
return $false
else {
$MsgParams = @{
ErrorAction = "Stop"
Message = "The given credential store ({0}) does not exist!" -f $Path
Write-Error @MsgParams

src/PSCredentialStore.psd1 Normal file
View File

@ -0,0 +1,140 @@
# Module manifest for module 'PSCredentialStore'
# Generated by: OCram85
# Generated on: 27.07.2017
# Script module or binary module file associated with this manifest.
RootModule = 'PSCredentialStore'
# Version number of this module.
# Do not touch the version number. It gets replaced in the build process.
ModuleVersion = ''
# Supported PSEditions
# CompatiblePSEditions = @()
# ID used to uniquely identify this module
GUID = '6800e192-9df8-4e30-b253-eb2c799bbe84'
# Author of this module
Author = 'OCram85'
# Company or vendor of this module
CompanyName = ''
# Copyright statement for this module
Copyright = '(c) 2017 OCram85. All rights reserved.'
# Description of the functionality provided by this module
Description = 'A simple credential manager to store and reuse multiple credential objecs'
# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '4.0'
# Name of the Windows PowerShell host required by this module
# PowerShellHostName = ''
# Minimum version of the Windows PowerShell host required by this module
# PowerShellHostVersion = ''
# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
# DotNetFrameworkVersion = ''
# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
# CLRVersion = ''
# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = ''
# Modules that must be imported into the global environment prior to importing this module
# RequiredModules = @()
# Assemblies that must be loaded prior to importing this module
# RequiredAssemblies = @()
# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# ScriptsToProcess = @()
# Type files (.ps1xml) to be loaded when importing this module
# TypesToProcess = @()
# Format files (.ps1xml) to be loaded when importing this module
# FormatsToProcess = @()
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
# NestedModules = @()
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = @(
# Connection Group
# Item Group
# Store Group
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = @()
# Variables to export from this module
VariablesToExport = '*'
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
AliasesToExport = @()
# DSC resources to export from this module
# DscResourcesToExport = @()
# List of all modules packaged with this module
# ModuleList = @()
# List of all files packaged with this module
# FileList = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{
PSData = @{
# Tags applied to this module. These help with module discovery in online galleries.
Tags = @('Credential Store',
'Credential Manager'
# A URL to the license for this module.
LicenseUri = ''
# A URL to the main website for this project.
ProjectUri = ''
# A URL to an icon representing this module.
# IconUri = ''
# ReleaseNotes of this module
ReleaseNotes = 'This is a draft version / pre-release. Do not use in production!'
} # End of PSData hashtable
} # End of PrivateData hashtable
# HelpInfo URI of this module
HelpInfoURI = ''
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''

View File

@ -0,0 +1,10 @@
$Items = (Get-ChildItem -Path ("{0}\*.ps1" -f $PSScriptRoot ) -Recurse ).FullName | Where-Object {
$_ -notmatch "(Classes|Init)"
ForEach ($Item in $Items) {
# Write-Verbose ("dot sourcing file {0}" -f $Item)
. $Item
# Exports are now controlled by module manifest
# Export-ModuleMember -Function *

View File

@ -0,0 +1,69 @@
function Get-CredentialStore {
Reads the complete content of the credential store and returns it as a new object.
The content is in a raw format. It means there is no transformation to the different credential types.
You can not use the object properties to connect with remote host. Therefore please use
Define a custom path to a shared CredentialStore.
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
[PSObject] Returns the credential store content as PSObject.
$CSContent = Get-CredentialStore -Path "C:\TMP\mystore.json"
File Name : Get-CredentialStore.ps1
Author : Marco Blessing -
Requires :
[CmdletBinding(DefaultParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
if ($PSCmdlet.ParameterSetName -eq 'Private') {
$Path = "{0}\CredentialStore.json" -f $env:APPDATA
if (Test-CredentialStore -Path $Path) {
try {
$FileContent = Get-Content -Path $Path -Raw
ConvertFrom-Json $FileContent
catch [System.Exception] {
$MessageParams = @{
Message = "Unknown CredentialStore format. Invalid JSON file."
ErrorAction = "Stop"
Write-Error @MessageParams
else {
$MessageParams = @{
Message = "Could not find the CredentialStore."
ErrorAction = "Stop"
Write-Error @MessageParams

View File

@ -0,0 +1,111 @@
function New-CredentialStore {
Creates a new credential store File
You need to run this script first to create a new credential store before you try to
save new credentials with New-CredentialStoreItem.
Define a location for the new shared CredentialStore. The default store will be created in
$Env:ProgramData\PSCredentialStore dir.
Creates a CredentialStore in the Shared mode. This enables you to read the CredentialStore Items on
different systems or profiles. In addition you can optionally provide a custom path wit the -Path parameter.
Use this switch to reset an existing store. The complete content will be wiped.
# Creates a new private CredentialStore
New-CredentialStore -Force
# Resets an existing private CredentialStore
New-CredentialStore -Shared
# Creates a new shared CredentialStore
New-CredentialStore -Shared -Path "C:\TMP\CredentialStore.json"
# Creates a new shared CredentialStore in the given location.
File Name : New-CredentialStore.ps1
Author : Marco Blessing -
Requires :
[CmdletBinding(DefaultParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $false, ParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
# Lets get the current Date in a human readable format.
$CurrentDate = Get-Date -UFormat "%Y-%m-%d %H:%M:%S"
# Set latest Credential Store version
Set-Variable -Name "CSVersion" -Value "1.2.0" -Option Constant
# Set the CredentialStore path for private mode.
Write-Debug ("ParameterSetName: {0}" -f $PSCmdlet.ParameterSetName)
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $Env:APPDATA
# Test if in the given store already a CredentialStore exists.
Write-Verbose "Test if there is already a credential store."
if ((Test-CredentialStore -Path $Path) -and ($Force -ne $true)) {
$MessageParam = @{
Message = "The given file already exists. Use the 'Force' switch to override the existing store."
ErrorAction = "Stop"
Write-Error @MessageParam
# We need to use the IDictionary to keep the property sorting in the object.
$ObjProperties = [ordered]@{
Version = $CSVersion
Creation = $CurrentDate
if ($PSCmdlet.ParameterSetName -eq "Shared") {
$ObjProperties.Type = "Shared"
# Check if a ChallengeFile already exists. We don't want to overide it.
# Otherwise previous created CredentialStores couln't be decrypted anymore.
if (-not (Test-ChallengeFile)) {
else {
$ObjProperties.Type = "Private"
# Create a new object for easy conversion into a json file
$CredentialStoreObj = New-Object -TypeName psobject -Property $ObjProperties
try {
ConvertTo-Json -InputObject $CredentialStoreObj | Out-File -FilePath $Path
catch [System.Exception] {
$_.Exception | Format-List -Force | Out-String | Write-Error -ErrorAction Stop

View File

@ -0,0 +1,61 @@
function Test-CredentialStore {
Returns the credential store state.
Use this script to test your credential store. For now it only checks if
the file exists.
Define a custom path to a shared CredentialStore.
Switch to shared mode with this param. This enforces the command to work with a shared CredentialStore which
can be decrypted across systems.
File Name : Test-CredentialStore.ps1
Author : Marco Blessing -
Requires :
[CmdletBinding(DefaultParameterSetName = "Private")]
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
[string]$Path = "{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData,
[Parameter(Mandatory = $false, ParameterSetName = "Shared")]
if ($PSCmdlet.ParameterSetName -eq "Private") {
$Path = "{0}\CredentialStore.json" -f $Env:APPDATA
# Set latest Credential Store version
Set-Variable -Name "CSVersion" -Value "1.2.0" -Option Constant
if (Test-Path $Path) {
Write-Verbose "CredentialStore in given path found."
# try tor read the store. Removed the Get-CredentialStore function to avoid recursive calls.
try {
$FileContent = Get-Content -Path $Path -Raw
$CSContent = ConvertFrom-Json $FileContent
catch {
Write-Warning "Could not read or convert the given CredentialStore."
Return $False
Return $True
Else {
Write-Verbose "The given CredentialStore does not exist!"
Return $False

tests/.gitkeep Normal file
View File

View File

@ -0,0 +1,65 @@
#region HEADER
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
# $RepoRoot = (Get-Item -Path $here).Parent.Parent.FullName
$RepoRoot = (Get-GitDirectory).replace('\.git', '')
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.Tests\.', '.'
$sut = $sut -replace "\d{2}`_", ''
$suthome = (Get-ChildItem -Path $RepoRoot -Exclude ".\tests\" -Filter $sut -Recurse).FullName
# Skip try loading the source file if it doesn't exists.
If ($suthome.Length -gt 0) {
. $suthome
Else {
Write-Warning ("Could not find source file {0}" -f $sut)
# load additional functions defined in the repository. Replace the expression <FunctionName>.
. (Get-ChildItem -Path $RepoRoot -Filter "Test-CredentialStore.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "New-CredentialStore.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "Get-CredentialStore.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "Get-CredentialStoreItem.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "Test-ChallengeFile.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "Get-ChallengeFile.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "Set-ChallengeFile.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "Get-RandomKey.ps1" -Recurse).FullName
#endregion HEADER
Describe "New-CredentialStoreItem" {
Context "Private Credential Store tests" {
It "Test1: Add entry to existing private store." {
If (-not (Test-CredentialStore)) {
[String]$tmp = (65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_}
$tmp = $tmp.Replace(' ', '')
$tmpUser = "MyUser"
$tmpPwd = "fooobarysdfsfs" | ConvertTo-SecureString -AsPlainText -Force
$creds = New-Object -TypeName PsCredential -ArgumentList $tmpUser, $tmpPwd
New-CredentialStoreItem -RemoteHost $tmp -Credential $creds
# Had to remove the `{ <exp> } | Shoud Not Throw` because the return would be empty.
$content = Get-CredentialStoreItem -RemoteHost $tmp
$content.UserName | Should Be "MyUser"
#Cleanup Temp entry
$CS = Get-CredentialStore
ConvertTo-Json -InputObject $CS | Out-File -FilePath ("{0}\CredentialStore.json" -f $env:AppData)
Context "Test with new shared Credential Store" {
It "Test2: Create new RemoteHost entry" {
# prepare test environment
$tmpCS = 'C:\CredentialStore.json'
New-CredentialStore -Shared -Path $tmpCS
$UserName = "myuser"
$Password = ConvertTo-SecureString -String "mypasswd" -AsPlainText -Force
$mycreds = New-Object -TypeName PSCredential -ArgumentList $UserName, $Password
$RemoteHost = "foobar"
{ New-CredentialStoreItem -Path $tmpCS -RemoteHost $RemoteHost -Credential $mycreds -Shared } | Should Not Throw
$tmpCS = Get-Content -Path $tmpCS -Raw | ConvertFrom-Json
$res = Get-Member -InputObject $tmpCS -Name $RemoteHost -Membertype Properties
$res.Name | Should Be $RemoteHost

View File

@ -0,0 +1,37 @@
#region HEADER
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
# $RepoRoot = (Get-Item -Path $here).Parent.Parent.FullName
$RepoRoot = (Get-GitDirectory).replace('\.git', '')
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.Tests\.', '.'
$sut = $sut -replace "\d{2}`_", ''
$suthome = (Get-ChildItem -Path $RepoRoot -Exclude ".\tests\" -Filter $sut -Recurse).FullName
# Skip try loading the source file if it doesn't exists.
If ($suthome.Length -gt 0) {
. $suthome
Else {
Write-Warning ("Could not find source file {0}" -f $sut)
# load additional functions defined in the repository. Replace the expression <FunctionName>.
. (Get-ChildItem -Path $RepoRoot -Filter "Test-CredentialStore.ps1" -Recurse).FullName
#endregion HEADER
Describe "Get-CredentialStore" {
Context "Basic logic tests" {
$TestCredentialStore = Resolve-Path -Path ("{0}\resources\cs\CredentialStore.json" -f $RepoRoot)
It "Test1: Read CS without params" {
If (Test-Path -Path ("{0}\CredentialStore.json" -f $env:APPDATA)) {
{Get-CredentialStore} | Should Not Throw
Else {
Write-Warning "Default private Credential Store not found. Skipping..."
It "Test2: Read Credential Store with testing data" {
{Get-CredentialStore -Path $TestCredentialStore} | Should Not Throw

View File

@ -0,0 +1,114 @@
#region HEADER
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
# $RepoRoot = (Get-Item -Path $here).Parent.Parent.FullName
$RepoRoot = (Get-GitDirectory).replace('\.git', '')
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.Tests\.', '.'
$sut = $sut -replace "\d{2}`_", ''
$suthome = (Get-ChildItem -Path $RepoRoot -Exclude ".\tests\" -Filter $sut -Recurse).FullName
# Skip try loading the source file if it doesn't exists.
If ($suthome.Length -gt 0) {
. $suthome
Else {
Write-Warning ("Could not find source file {0}" -f $sut)
# load additional functions defined in the repository. Replace the expression <FunctionName>.
. (Get-ChildItem -Path $RepoRoot -Filter "Test-CredentialStore.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "Test-ChallengeFile.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "Set-ChallengeFile.ps1" -Recurse).FullName
. (Get-ChildItem -Path $RepoRoot -Filter "Get-RandomKey.ps1" -Recurse).FullName
#endregion HEADER
# Backup existing credential stores
$VerbosePreference = "Continue"
Write-Verbose "Backup private Credential Store..."
$CSPath = ("{0}\CredentialStore.json" -f $env:APPDATA)
$BackupFile = "{0}.back" -f $CSPath
If (Test-Path -Path $CSPath) {
Move-Item -Path $CSPath -Destination $BackupFile
Write-Verbose "Backup shared CredentialStore..."
$CSShared = ("{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData)
$BackupSharedFile = "{0}.back" -f $CSShared
If (Test-Path -Path $CSShared) {
Move-Item -Path $CSShared -Destination $BackupSharedFile
Write-Verbose "Remove old CredentialStore in Temp dir"
$CSTemp = "{0}\CredentialStore.json" -f $Env:TEMP
If (Test-Path -Path $CSTemp) {
Remove-Item -Path $CSTemp
$VerbosePreference = "SilentlyContinue"
Describe "New-CredentialStore" {
Context "Private CS tests" {
$pCS = Join-Path -Path $env:APPDATA -ChildPath "CredentialStore.json"
It "Test1: Create new private CredentialStore" {
$result = Test-Path -Path $pCS
$CS = Get-Content -Path $pCS -Raw | ConvertFrom-Json -ErrorAction SilentlyContinue
($result -eq $True) -and ($CS.Type -eq "Private") | Should Be $True
It "Test2: Try to override private Store" {
{New-CredentialStore} | Should Throw
It "Test3: Reset existing Credential Store" {
$now = Get-Date
$CS = Get-Content -Path $pCS -Raw | ConvertFrom-Json
$CSCreation = [DateTime]$CS.Creation
New-CredentialStore -Force
$now -gt $csCreation | Should Be $True
Context "Shared CS tests" {
$pCS = Join-Path -Path $env:ProgramData -ChildPath "PSCredentialStore\CredentialStore.json"
It "Test1: Create a new Shared Credential Store" {
New-CredentialStore -Shared
Test-Path -Path ("{0}\PSCredentialStore\CredentialStore.json" -f $env:ProgramData) | Should Be $True
It "Test2: Try to override existing shared CS" {
{New-CredentialStore -Shared} | Should Throw
It "Test3: Reset shared CredentialStore" {
$now = Get-Date
$CS = Get-Content -Path $pCS -Raw | ConvertFrom-Json
$CSCreation = [DateTime]$CS.Creation
New-CredentialStore -Force -Shared
$now -gt $csCreation | Should Be $True
Context "Custom Shared CS tests" {
$pCS = Join-Path -Path $env:TEMP -ChildPath "CredentialStore.json"
It "Test1: Create new custom shared" {
{New-CredentialStore -Path $pCS -Shared} | Should Not Throw
It "Test2: Try to override exiting one" {
{New-CredentialStore -Path $pCS -Shared} | Should Throw
It "Test3: Reset existing custom CredentialStore" {
{New-CredentialStore -Path $pCS -Shared -Force} | Should Not Throw
# Cleanup test stores and restore existing ones.
$VerbosePreference = "Continue"
Write-Verbose "Restoring private CredentialStore"
If (Test-Path -Path $BackupFile) {
If (Test-Path -Path $CSPath) {
Remove-Item -Path $CSPath
Move-Item -Path $BackupFile -Destination $CSPath
Write-Verbose "Restoring shared CredentialStore"
If (Test-Path -Path $BackupSharedFile) {
If (Test-Path -Path $CSShared) {
Remove-Item -Path $CSShared
Move-Item -Path $BackupSharedFile -Destination $CSShared
$VerbosePreference = "SilentlyContinue"

View File

@ -0,0 +1,40 @@
#region HEADER
$here = Split-Path -Parent $MyInvocation.MyCommand.Path
# $RepoRoot = (Get-Item -Path $here).Parent.Parent.FullName
$RepoRoot = (Get-GitDirectory).replace('\.git', '')
$sut = (Split-Path -Leaf $MyInvocation.MyCommand.Path) -replace '\.Tests\.', '.'
$sut = $sut -replace "\d{2}`_", ''
$suthome = (Get-ChildItem -Path $RepoRoot -Exclude ".\tests\" -Filter $sut -Recurse).FullName
# Skip try loading the source file if it doesn't exists.
If ($suthome.Length -gt 0) {
. $suthome
Else {
Write-Warning ("Could not find source file {0}" -f $sut)
# load additional functions defined in the repository. Replace the expression <FunctionName>.
# . (Get-ChildItem -Path $RepoRoot -Filter "<Function-Name>.ps1" -Recurse).FullName
#endregion HEADER
Describe "Test-CredentialStore" {
Context "Basic logic tests" {
$TestCredentialStore = Resolve-Path -Path ("{0}\resources\cs\CredentialStore.json" -f $RepoRoot)
It "Test1: Should Not Throw" {
{ Test-CredentialStore -Path $TestCredentialStore } | Should Not Throw
It "Test2: Read valid CredentialStore" {
$res = Test-CredentialStore -Path $TestCredentialStore
$res | Should Be $True
It "Test3: Read a broken CredentialStore" {
$BrokenCS = Resolve-Path -Path ("{0}\resources\cs\Broken_CS.json" -f $RepoRoot)
$oWarningPreference = $WarningPreference
$WarningPreference = 'SilentlyContinue'
$res = Test-CredentialStore -Path $BrokenCS
$res | Should Be $False
$WarningPreference = $oWarningPreference

tools/AppVeyor.psm1 Normal file
View File

@ -0,0 +1,178 @@
Define the callsign of you PowerShell Module.
Callsign is used to identity:
- Module Manifest file name
- Artifact File
- Git repository name
- Module name
$CALLSIGN = 'PSCredentialStore'
Write-Host ("Callsign is: {0}" -f $CALLSIGN) -ForegroundColor Yellow
Function Invoke-AppVeyorBumpVersion() {
Write-Host "Listing Env Vars for debugging:" -ForegroundColor Yellow
# Filter Results to prevent exposing secure vars.
Get-ChildItem -Path "Env:*" | Where-Object { $ -notmatch "(NuGetToken|CoverallsToken)"} | Sort-Object -Property Name | Format-Table
Try {
$ModManifest = Get-Content -Path (".\src\{0}.psd1" -f $CALLSIGN)
$BumpedManifest = $ModManifest -replace '', $Env:APPVEYOR_BUILD_VERSION
Remove-Item -Path (".\src\{0}.psd1" -f $CALLSIGN)
Out-File -FilePath (".\src\{0}.psd1" -f $CALLSIGN) -InputObject $BumpedManifest -NoClobber -Encoding utf8 -Force
Catch {
$MsgParams = @{
Message = 'Could not bump current version into module manifest.'
Category = 'Error'
Details = $_.Exception.Message
Add-AppveyorMessage @MsgParams
Throw $MsgParams.Message
Function Invoke-AppVeyorBuild() {
$MsgParams = @{
Message = 'Creating build artifacts'
Category = 'Information'
Details = 'Extracting source files and compressing them into zip file.'
Add-AppveyorMessage @MsgParams
$CompParams = @{
Path = "{0}\src\*" -f $env:APPVEYOR_BUILD_FOLDER
DestinationPath = "{0}\bin\{1}.zip" -f $env:APPVEYOR_BUILD_FOLDER, $CALLSIGN
Update = $True
Verbose = $True
Compress-Archive @CompParams
$MsgParams = @{
Message = 'Pushing artifacts'
Category = 'Information'
Details = 'Pushing artifacts to AppVeyor store.'
Add-AppveyorMessage @MsgParams
Push-AppveyorArtifact (".\bin\{0}.zip" -f $CALLSIGN)
Function Invoke-AppVeyorTests() {
$MsgParams = @{
Message = 'Starting Pester tests'
Category = 'Information'
Details = 'Now running all test found in .\tests\ dir.'
Add-AppveyorMessage @MsgParams
$testresults = Invoke-Pester -Path ".\tests\*" -ExcludeTag 'Disabled' -PassThru
ForEach ($Item in $testresults.TestResult) {
Switch ($Item.Result) {
"Passed" {
$TestParams = @{
Name = "{0}: {1}" -f $Item.Context, $Item.Name
Framework = "NUnit"
Filename = $Item.Describe
Outcome = "Passed"
Duration = $Item.Time.Milliseconds
Add-AppveyorTest @TestParams
"Failed" {
$TestParams = @{
Name = "{0}: {1}" -f $Item.Context, $Item.Name
Framework = "NUnit"
Filename = $Item.Describe
Outcome = "Failed"
Duration = $Item.Time.Milliseconds
ErrorMessage = $Item.FailureMessage
ErrorStackTrace = $Item.StackTrace
Add-AppveyorTest @TestParams
Default {
$TestParams = @{
Name = "{0}: {1}" -f $Item.Context, $Item.Name
Framework = "NUnit"
Filename = $Item.Describe
Outcome = "None"
Duration = $Item.Time.Milliseconds
ErrorMessage = $Item.FailureMessage
ErrorStackTrace = $Item.StackTrace
Add-AppveyorTest @TestParams
If ($testresults.FailedCount -gt 0) {
$MsgParams = @{
Message = 'Pester Tests failed.'
Category = 'Error'
Details = "$($testresults.FailedCount) tests failed."
Add-AppveyorMessage @MsgParams
Throw $MsgParams.Message
Function Invoke-CoverageReport() {
[Parameter(Mandatory = $False)]
[String]$RepoToken = $Env:CoverallsToken
Import-Module ('.\src\{0}.psm1' -f $CALLSIGN) -Verbose -Force
$FileMap = New-PesterFileMap -SourceRoot '.\src' -PesterRoot '.\tests'
$CoverageReport = New-CoverageReport -PesterFileMap $FileMap -RepoToken $RepoToken
Write-Host "CoverageReport JSON:" -ForegroundColor Yellow
$CoverageReport | Out-String | Write-Host
Publish-CoverageReport -CoverageReport $CoverageReport
Function Invoke-AppVeyorPSGallery() {
Expand-Archive -Path (".\bin\{0}.zip" -f $CALLSIGN) -DestinationPath ("C:\Users\appveyor\Documents\WindowsPowerShell\Modules\{0}\" -f $CALLSIGN) -Verbose
Import-Module -Name $CALLSIGN -Verbose -Force
Write-Host "Available Package Provider:" -ForegroundColor Yellow
Get-PackageProvider -ListAvailable
Write-Host "Available Package Sources:" -ForegroundColor Yellow
Try {
Write-Host "Try to get NuGet Provider:" -ForegroundColor Yellow
Get-PackageProvider -Name NuGet -ErrorAction Stop
Catch {
Write-Host "Installing NuGet..." -ForegroundColor Yellow
Install-PackageProvider -Name NuGet -MinimumVersion '' -Force -Verbose
Import-PackageProvider NuGet -MinimumVersion '' -Force
Try {
If ($env:APPVEYOR_REPO_BRANCH -eq 'master') {
Write-Host "try to publish module" -ForegroundColor Yellow
Write-Host ("Callsign is: {0}" -f $CALLSIGN) -ForegroundColor Yellow
Publish-Module -Name $CALLSIGN -NuGetApiKey $env:NuGetToken -Verbose -Force
Else {
Write-Host "Skip publishing to PS Gallery because we are on $($env:APPVEYOR_REPO_BRANCH) branch." -ForegroundColor Yellow
# had to remove the publish-Module statement because it would publish although the -WhatIf is given.
# Publish-Module -Name $CALLSIGN -NuGetApiKey $env:NuGetToken -Verbose -WhatIf
Catch {
$MsgParams = @{
Message = 'Could not deploy module to PSGallery.'
Category = 'Error'
Details = $_.Exception.Message
Add-AppveyorMessage @MsgParams
Throw $MsgParams.Message