If you need to connect to Microsoft Azure frequently, it might be useful to store your tenant information. Why? It brings comfort while giving up security. It’s your choice. In this blog post I will show you a walkthrough how to connect to Azure with stored credentials. The credentials are encryptet with a certificate. Let’s move on.

Create the Certificate

In order to store your credentials in an encrypted form you need to create a certificate for data encipherment. Select a DnsName of your choosing.

New-SelfSignedCertificate -DnsName pewa2303 -CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsage KeyEncipherment,DataEncipherment,KeyAgreement -Type DocumentEncryptionCert

Create the Password File

In this step you need to create an empty text file we will need later on.

New-Item -ItemType File -Path C:\Temp\pwd.txt

Encrypt the plain text Password

Now we use the Protect-CmsMessage cmdlet to encrypt the plain text password and save it in our newly created empty file pwd.txt. Have an eye on the -To parameter, you have to fill in your dns name of the certificate.

'123user!' | Protect-CmsMessage -To cn=pewa2303 -OutFile C:\Temp\pwd.txt

Create the Credential Object and connect to Azure

Now we come to the final part where we create the credential object for further processing. Provide your username here.

$password = ConvertTo-SecureString (Unprotect-CmsMessage -Path C:\Temp\pwd.txt) -AsPlainText -Force

$cred= New-Object System.Management.Automation.PSCredential ('someone@outlook.com', $password)

Now let’s do the magic.

Connect-AzAccount -Credential $cred 

Wow, that rocks!