System.Security.SecureString
is to store confidential text and to avoid storing it in process memory as plain text. The text should be erased from memory when no longer needed. SecureString
when porting code to .NET. A SecureString object should never be constructed from a String, because the sensitive data is already subject to the memory persistence consequences of the immutable String class. The best way to construct a SecureString object is from a character-at-a-time unmanaged source, such as the Console.ReadKey method.
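The character-at-a-time construction recommended above, as an added PowerShell example (not code from the original page). The function names Read-SecureStringFromConsole and Use-SecureStringPlaintext are hypothetical helpers introduced here; the example assumes an interactive console and PowerShell 5 or later.

```powershell
# Build a SecureString one key press at a time, so the secret never
# exists as a managed String while it is being entered.
function Read-SecureStringFromConsole {
    param([string]$Prompt = 'Password')
    [Console]::Write("${Prompt}: ")
    $sec = [System.Security.SecureString]::new()
    try {
        while ($true) {
            $key = [Console]::ReadKey($true)          # $true: do not echo the key
            if ($key.Key -eq [ConsoleKey]::Enter) { break }
            if ($key.Key -eq [ConsoleKey]::Backspace) {
                if ($sec.Length -gt 0) { $sec.RemoveAt($sec.Length - 1) }
                continue
            }
            # Arrow keys, function keys etc. report KeyChar 0: skip them
            if ($key.KeyChar -ne [char]0) { $sec.AppendChar($key.KeyChar) }
        }
        [Console]::WriteLine()
        $sec.MakeReadOnly()                           # block further modification
        return $sec
    }
    catch {
        $sec.Dispose()                                # release the buffer on failure
        throw
    }
}

# Expose the plaintext only for the duration of one script block, then
# zero and free the unmanaged copy even if the block throws.
function Use-SecureStringPlaintext {
    param([securestring]$Secret, [scriptblock]$Action)
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secret)
    try {
        # Caveat: PtrToStringBSTR creates a managed String, which cannot be
        # erased and stays in memory until garbage collected. Keep the scope small.
        & $Action ([System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr))
    }
    finally {
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

$secret = Read-SecureStringFromConsole -Prompt 'Enter secret'
Use-SecureStringPlaintext -Secret $secret -Action { param($p) "Length: $($p.Length)" }
$secret.Dispose()
```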
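# Demonstration only: $password already exists in memory as an immutable String
$password = 'secret!'
$secStr   = ConvertTo-SecureString -String $password -AsPlainText -Force
# Copy the contents into an unmanaged BSTR to read them back
$secBstr  = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secStr)
Write-Host "Password is $([System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($secBstr))"
# Zero and free the unmanaged copy once it is no longer needed
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($secBstr)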
On the Windows operating system, the contents of a SecureString instance's internal character array are encrypted.
…
Because of this platform dependency, SecureString does not encrypt the internal storage on non-Windows platforms.
$host.ui.readLineAsSecureString()