Home > Blogs > VMware PowerCLI Blog

Have you seen PowerCLI’s “Credential Store” feature?

It just occurred to me that a very useful feature of PowerCLI never got the introduction it deserves. The feature is the Credential Store and as the name suggests its job is to store credentials. As a result:

  1. Credentials are kept securely (no need to hard code passwords along with scripts)
  2. You type less (no need to specify user and password to Connect-VIServer)

So, how does it work in practice?

Say I connect to my VC like this:

Connect-VIServer –User Andrey –Password “my favorite password”

To use the credential store, I do the following:

New-VICredentialStoreItem -Host -User "Andrey" -Password "my favorite password"

Now I can type just:


When I don’t specify user and/or password, Connect-VIServer checks the credential store, finds my newly stored credential and uses it.

By default the credential store file is stored under the user profile directory. It is encrypted. If I got you interested, check “help *VICredentialStoreItem” for details.


Andrey Anastasov,

PowerCLI Architect

8 thoughts on “Have you seen PowerCLI’s “Credential Store” feature?

  1. Jake

    In case anyone wants the full usage: http://www.vmware.com/support/developer/windowstoolkit/wintk40u1/html/New-VICredentialStoreItem.html

  2. LucD

    Fully agree Andrey, indeed a forgotten cmdlet ;-(
    Could you perhaps expand a bit on the encryption ? Is it based on the SecureString class, can it be decrypted with the GetNetworkCredential method ?
    Jake, I suppose that link should be http://www.vmware.com/support/developer/PowerCLI/PowerCLI50/html/New-VICredentialStoreItem.html 😉

  3. Andrey Anastasov

    The credential store is encrypted with .Net’s ProtectedData.Protect() function which delegates to Windows’ CryptProtectData(). It is considered a secure way to protect data and – to my knowledge – is the method employed by the built-in Windows file encryption (EFS).
    To decrypt the data, an attacker must have enough information as to log in as the user who encrypted the data. In other words, even if someone steals the harddisk, the data is secure as long as the user password is unavailable to the attacker. An administrator cannot read the data by forcing password reset.

  4. Pingback: Changing Virtual Machine settings with PowerCLI | Phy2Vir | An IT Blog from a support guy

  5. Pingback: SRM Testing…What do I do with my Domain Controllers? Part 1 | Favoritevmguy

  6. Pingback: Store VMware PowerCLI login credentials | bLOG.

  7. Thomas

    Andrey, thanks for this hint. One question though: When I type New-VICredentialStoreItem -Host -User “Andrey” -Password “my favorite password” this command is stored in the PowerCli command history, meaning that anybody could stumble upon my typed out password.
    clear-history does not delete any of the vsphere powercli-commands, nor does closing the whole thing and rebooting do.

    Is there a way to remove my typed out password from powerclis command history?


  8. DSHAH3

    thanks! it did help me, i was looking for a script to store password in my existing script.

    Connect-VIServer –User Andrey –Password “my favorite password”

    FYI beginners, remove the quotes from your password . ie.

    Connect-VIServer –User jsmith –Password Hello@123


Leave a Reply

Your email address will not be published. Required fields are marked *