“Is there is a way to capture the credentials of the user executing a script and create a PSCredentials object containing that info”
Absolutely not. That would be quite a gaping security hole If that capability existed, literally any malware that happened to execute on your system would be able to just take your password.
I didn’t realize that you are required to use the -Credential parameter when using -Authentication CredSSP, but if that’s the way it is, then I guess that’s what you’ll have to work around. You might find the $PSDefaultParameterValues variable to be helpful in this regard, or a proxy function. I do something similar with my Nuget API key for the Publish-Module command; I have this in my PowerShell profile:
function global:Publish-Module
{
[CmdletBinding(DefaultParameterSetName='ModuleNameParameterSet', SupportsShouldProcess = $true, ConfirmImpact='Medium', PositionalBinding=$false)]
param(
[Parameter(ParameterSetName='ModuleNameParameterSet', Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
[ValidateNotNullOrEmpty()]
[string]
${Name},
[Parameter(ParameterSetName='ModulePathParameterSet', Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
[ValidateNotNullOrEmpty()]
[string]
${Path},
[Parameter()]
[ValidateNotNullOrEmpty()]
[string]
${NuGetApiKey},
[ValidateNotNullOrEmpty()]
[string]
${Repository},
[ValidateNotNullOrEmpty()]
[string]
${ReleaseNotes},
[ValidateNotNullOrEmpty()]
[string[]]
${Tags},
[ValidateNotNullOrEmpty()]
[uri]
${LicenseUri},
[ValidateNotNullOrEmpty()]
[uri]
${IconUri},
[ValidateNotNullOrEmpty()]
[uri]
${ProjectUri}
)
begin
{
if (-not $PSBoundParameters.ContainsKey('NuGetApiKey'))
{
$apiKeyFile = "$PSScriptRoot\PowerShellGetApiKey.encrypted.xml"
if ((Test-Path -Path $apiKeyFile) -and
(Get-Module ProtectedData -ListAvailable))
{
$apiKey = Import-Clixml -Path $apiKeyFile | Unprotect-Data
if ($null -ne $apiKey) { $PSBoundParameters['NuGetApiKey'] = $apiKey }
}
}
try {
$outBuffer = $null
if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer))
{
$PSBoundParameters['OutBuffer'] = 1
}
$wrappedCmd = Get-Command -Name PowerShellGet\Publish-Module -CommandType Function -ErrorAction Stop
$scriptCmd = { & $wrappedCmd @PSBoundParameters }
$steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)
$steppablePipeline.Begin($PSCmdlet)
} catch {
throw
}
}
process
{
try {
$steppablePipeline.Process($_)
} catch {
throw
}
}
end
{
try {
$steppablePipeline.End()
} catch {
throw
}
}
}
Most of that is just the auto-generated proxy function for Publish-Module, except for this bit in the Begin block:
if (-not $PSBoundParameters.ContainsKey('NuGetApiKey'))
{
$apiKeyFile = "$PSScriptRoot\PowerShellGetApiKey.encrypted.xml"
if ((Test-Path -Path $apiKeyFile) -and
(Get-Module ProtectedData -ListAvailable))
{
$apiKey = Import-Clixml -Path $apiKeyFile | Unprotect-Data
if ($null -ne $apiKey) { $PSBoundParameters['NuGetApiKey'] = $apiKey }
}
}
I had previously saved my API key using the ProtectedData module (which is where the Unprotect-Data command comes from), and exported it to disk with Export-Clixml. This function just reversed that process: Import-Clixml and pipe to Unprotect-Data, assuming that I haven’t already passed in an API key when calling the command.