Convert a secure string to plain text


In my previous post I described how to create a credential object. Part of that process involved creating a secure string object like this:

[string]$userPassword = 'MySuperSecurePassword'

# Convert to SecureString
[securestring]$secStringPassword = ConvertTo-SecureString $userPassword -AsPlainText -Force

But what if we need to reverse the process? PowerShell has a handy cmdlet, aptly named ConvertFrom-SecureString, with the following syntax:

ConvertFrom-SecureString -SecureString $secStringPassword

The above produces an encrypted standard string, a process I described in my post about storing credentials in a script. That is not what we're looking for.

To get the unencrypted string we need to leverage built-in .NET methods which, while not as straightforward as a cmdlet, will get the job done. Here's the syntax:

[System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secStringPassword))

# Output
MySuperSecurePassword

The above leverages the Marshal class to convert a secure string to its standard, unencrypted equivalent.
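The one-liner above never releases the unmanaged BSTR that SecureStringToBSTR allocates, so a plaintext copy of the password stays in process memory. The following is an added example, not code from the original post: a hypothetical helper named ConvertTo-PlainText that does the same conversion, reads the buffer with PtrToStringBSTR, and zeroes and frees it in a finally block.

```powershell
function ConvertTo-PlainText {
    # Hypothetical helper name, chosen for this example
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [securestring]$SecureString
    )
    process {
        $bstr = [IntPtr]::Zero
        try {
            # SecureStringToBSTR decrypts the value into an unmanaged BSTR buffer
            $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString)

            # PtrToStringBSTR uses the BSTR length prefix, so the result is the same
            # on Windows PowerShell and on PowerShell 7 for Linux/macOS
            [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        }
        finally {
            # Overwrite the unmanaged copy with zeros and free it, even if the read throws
            if ($bstr -ne [IntPtr]::Zero) {
                [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
            }
        }
    }
}

# Constructed sample value, the same one used earlier on this page
[securestring]$secStringPassword = ConvertTo-SecureString 'MySuperSecurePassword' -AsPlainText -Force

# Keep the plaintext in the narrowest scope possible and drop the reference when done
$plainPassword = ConvertTo-PlainText -SecureString $secStringPassword
$plainPassword
Remove-Variable plainPassword
```

The returned value is an ordinary managed string, so it remains readable in memory until it is garbage collected. On PowerShell 7 and later, `ConvertFrom-SecureString -AsPlainText` returns the same result without calling the Marshal class directly.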

While not very common, there are situations, for example when calling an external exe, where secure strings are not supported, and this is a handy way to use them without storing them in clear text in your code.

As usual, Microsoft has pretty extensive documentation about the method, which you can find here.