PowerShell - Command history and confidential information
To support me, you can subscribe to the channel, share and like the videos, disable your ad blocker or make a donation. Thank you!
Hello,
Powershell has a history, even several, the commands you run may contain confidential information and remain in that history.
There are 3 histories:
- The Powershell history (in the current Shell Get-History)
- The history of the PSReadLine module (stored in a file by default)
- The Powershell console cache (the command callback with arrows or F8)
Here are some demonstrations and commands for either deleting these histories or removing sensitive information from them.
# Check behaviours.ConvertTo-SecureString 'titi' -AsPlainText -ForceGet-Credential -Credential Guillaume
# Display the history of the current shellGet-History# Note that the history of the current shell retains the following commands
# Display the history of PSReadLineGet-Content (Get-PSReadLineOption).HistorySavePath# The history of PSReadLine deletes the ConvertTo-SecureString command but leaves the identifier
## Delete history# Delete history PowershellClear-History
# Delete console cache history (command callback with arrows or F8)[Microsoft.PowerShell.PSConsoleReadLine]::ClearHistory()# Alt + F7 does the same thing
# Delete the PSReadLine historyRemove-Item -Path (Get-PSReadLineOption).HistorySavePath
# Delete PSReadLine historySet-PSReadlineOption -HistorySaveStyle SaveNothing
## Delete confidential information only# Delete confidential information from history Powershell# Delete part of the history (specify an Array of values to delete the corresponding rows)Clear-History -CommandLine *SecureString*, *credential*
# Clear part of the history PSReadLine (specify values separated by a | to delete the corresponding lines)HistoryPath = (Get-PSReadLineOption).HistorySavePath(Get-Content $HistoryPath ).where({$_ -notmatch 'credential|sensible'}) | Set-Content $HistoryPathComplete your reading with the following articles:
Improving Powershell command-line usability with PSReadLine
Powershell - Playing with command history
Related links
Powershell - Managing the status and configuration of network interfaces
Powershell commands to view and modify the status and configuration of network interfaces (disable IPv6, enable/disable an interface)Powershell and the Left Hand Side
An important concept in Powershell, the Left Hand SidePowershell - Managing disks, partitions and volumes
How to manage disks, partitions and volumes in PowershellPowershell - Managing System Restore Points in Windows
How to manage system restore points in WindowsPowershell - Playing with the Windows clipboard
“How to send and retrieve information from the Windows clipboard”Powershell - Changing the state of a computer (sleep, hibernate, shutdown, restart)
How to change the state of a computer (sleep, hibernate, shutdown, restart) in Powershell
Follow me on
Support me
Last content
Powershell - Managing the status and configuration of network interfaces
Powershell and the Left Hand Side
Powershell - Managing disks, partitions and volumes
Powershell - Managing System Restore Points in Windows
Powershell - Playing with the Windows clipboard
Powershell - Changing the state of a computer (sleep, hibernate, shutdown, restart)
Powershell - Compress-Archive and Expand-Archive to create and extract ZIP archives
Powershell - Export-Csv versus Export-Clixml
Powershell - Overview of Where-Object basic syntax and its limitations
Powershell - Hyper-V - Give a custom name to a virtual network adapter