How to mask user input password in parameter of C# custom Cmdlet

Question

In my program I need to ask user for password in parameter:

[Cmdlet(VerbsCommon.Get, "MyTest"]
public class GetMyTest : PSCmdlet
{
    [Parameter(Mandatory=true)]
    public ? Password { get; set;}
}

I can't figure out what is the correct type to use for Password. In another question: How does one securely handle passwords in a custom written PowerShell cmdlet?

The accepted answer asked to use read-host in the code, but I have to use parameter to ask for this field.

I also tried to use SecureString for Password, but I am not able to give a SecureString to this parameter as it will be automatically accepted as string, not secure string.

Is it any way to achieve the following usage:

Get-MyTest -Password ***** (where I actually type in 'abcde' but the input is masked.)

Answer 1

There is no way to make particular portion of command line input to be protected with asterisks - command line input is just plain text.

Options

• store password in a file so it is not visible in the input. The question now is how to protect that file but may work for some cases - i.e. specify encrypted password similar to encrypted settings in web.config
• require user to type password in
• instead password require user to log in with that account (for Windows auth)
• if there is some way to get short-lived token (i.e. using OAUTH) - you may use that in clear text instead of password

Answer 2

Usually what is done is that you store the password in a string-typed variable and then you hash it somehow (SHA256, MD5, or so) to store it in the database (or to compare it and allow or not user to access the application.

So, I am not sure there is a better type for that.