Converting SecureStrings

SecureStrings can be converted to plain text. This can be useful to prompt with masked input boxes.

SecureStrings are a way to protect string content from 3rd parties. The person that created a SecureString however can always get back the unencrypted plain text from it.

Converting SecureString To PlainText

Here is a PowerShell function that takes a SecureString and returns the plain text:

function Convert-SecureStringToText
{
  param
  (
    [Parameter(Mandatory,ValueFromPipeline)]
    [System.Security.SecureString]
    $Password
  )
  
  process
  {
    $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
  }
}

Test-Driving

With Convert-SecureStringToText, you can utilize PowerShells masked input boxes:

# prompt with masked input:
$pwd = Read-Host -Prompt 'Enter Password' -AsSecureString | Convert-SecureStringToText

# process plain text:
"You entered: $pwd"