How does one securely handle passwords in a custom written PowerShell cmdlet?

Question

Assume I have a custom PowerShell Cmdlet that exports data and encrypts it using a password.

[Cmdlet(VerbsData.Export, \"SampleData\")]
public class ExportSample         


        

Answer 1

Change the type of the Password parameter to SecureString; if the administrator omits the -Password parameter, PowerShell will do the right thing by prompting the administrator for the mandatory parameter and display astrisks as they type.

Ideally the implementation of your cmdlet will pass the SecureString to some API that natively supports SecureString (most secure); if not, you'll have to extract the password from the SecureString. Here's a good article on how to do that: How to properly convert SecureString to String