Have you seen PowerCLI’s “Credential Store” feature?

It just occurred to me that a very useful feature of PowerCLI never got the introduction it deserves. The feature is the Credential Store and as the name suggests its job is to store credentials. As a result:

  1. Credentials are kept securely (no need to hard code passwords along with scripts)
  2. You type less (no need to specify user and password to Connect-VIServer)

So, how does it work in practice?

Say I connect to my VC like this:

Connect-VIServer –User Andrey –Password “my favorite password”

To use the credential store, I do the following:

New-VICredentialStoreItem -Host -User "Andrey" -Password "my favorite password"

Now I can type just:


When I don’t specify user and/or password, Connect-VIServer checks the credential store, finds my newly stored credential and uses it.

By default the credential store file is stored under the user profile directory. It is encrypted. If I got you interested, check “help *VICredentialStoreItem” for details.


Andrey Anastasov,

PowerCLI Architect


18 comments have been added so far

  1. The credential store is encrypted with .Net’s ProtectedData.Protect() function which delegates to Windows’ CryptProtectData(). It is considered a secure way to protect data and – to my knowledge – is the method employed by the built-in Windows file encryption (EFS).
    To decrypt the data, an attacker must have enough information as to log in as the user who encrypted the data. In other words, even if someone steals the harddisk, the data is secure as long as the user password is unavailable to the attacker. An administrator cannot read the data by forcing password reset.

  2. Andrey, thanks for this hint. One question though: When I type New-VICredentialStoreItem -Host -User “Andrey” -Password “my favorite password” this command is stored in the PowerCli command history, meaning that anybody could stumble upon my typed out password.
    clear-history does not delete any of the vsphere powercli-commands, nor does closing the whole thing and rebooting do.

    Is there a way to remove my typed out password from powerclis command history?


  3. thanks! it did help me, i was looking for a script to store password in my existing script.

    Connect-VIServer –User Andrey –Password “my favorite password”

    FYI beginners, remove the quotes from your password . ie.

    Connect-VIServer –User jsmith –Password Hello@123

Leave a Reply

Your email address will not be published. Required fields are marked *