Saving a Powershell Object across Sessions

Question

I currently have a project in powershell which interacts with a REST API, and the first step after opening a new powershell session is to authenticate myself which creates a websession object which is then used for subsequent API calls.

I was wondering what the best way of going about storing this token object across all Powershell sessions, because right now if I authenticate myself and then close & reopen powershell I need to re-authenticate which is rather inconvenient. I would like the ability to in theory authenticate once and then whenever I open up powershell be able to use my already saved websession object. At the moment I store this websession object in $MyInvocation.MyCommand.Module.PrivateData.Session

Thanks for your time.

Answer 1

I've written a number of PowerShell Modules which interact with REST APIs on the web so I've had to tackle this very problem!

The technique I liked to use involves storing the object within the user's local credential store, as seen in my PSReddit PowerShell Module.

First, to export your password in an encrypted state. We need to do this using both the ConvertTo and ConvertFrom cmdlets.

Why both cmdlets?

ConvertTo-SecureString makes our plaintext into an Encrypted Object, but we can't export that. We then use ConvertFrom-SecureString to turn the encrypted object back into encrypted text, which we can export.

I'm going to start with my very secure password of ham.

$password = "ham"
$password | ConvertTo-SecureString -AsPlainText -Force | 
  ConvertFrom-SecureString | Export-CliXML $Mypath\Export.ps1xml

At this point, I've got a file on disk which is encrypted. If someone logs on to the machine they can't decrypt it, only I can. If someone copies it off of the machine, they still can't decrypt it. Only me, only here.

How do we decrypt the text?

Now, assuming we want to get the same plain text back out to use late, we can add this to our PowerShell Profile, you can import your password like so.

$pass = Import-CliXML $Mypath\Export.ps1xml | ConvertTo-SecureString
Get-DecryptedValue -inputObj $pass -name password

$password 
>"ham"

This will create a variable called $password containing your password. The decryption depends on this function, so be sure it's in your profile: Get-DecryptedValue.

Function Get-DecryptedValue{
param($inputObj,$name)

            $Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($inputObj)
            $result = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
            [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
            New-Variable -Scope Global -Name $name -Value $result -PassThru -Force

}