AvoidUsingPlainTextForPassword
Severity Level: Warning
Description
Password parameters that take in plaintext will expose passwords and compromise the security of your system. Passwords should be stored in the SecureString type.
The following parameters are considered password parameters (this is not case sensitive):
- Password
- Pass
- Passwords
- Passphrase
- Passphrases
- PasswordParam
If a parameter is defined with a name in the above list, it should be declared with type SecureString.
How
Change the type to SecureString.
Example
Wrong
function Test-Script
{
[CmdletBinding()]
Param
(
[string]
$Password
)
...
}
Correct
function Test-Script
{
[CmdletBinding()]
Param
(
[SecureString]
$Password
)
...
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for