> ## Documentation Index
> Fetch the complete documentation index at: https://tally.wharflab.com/llms.txt
> Use this file to discover all available pages before exploring further.

# powershell/PSAvoidUsingPlainTextForPassword

> Avoid Using Plain Text For Password Parameter

`powershell/PSAvoidUsingPlainTextForPassword` is a PSScriptAnalyzer diagnostic emitted by tally for PowerShell snippets embedded in Dockerfiles.

| Property | Value            |
| -------- | ---------------- |
| Severity | Warning          |
| Category | PSScriptAnalyzer |
| Auto-fix | No               |

## Description

Password parameters that take in plaintext will expose passwords and compromise the security of your
system. Passwords should be stored in the **SecureString** type.

The following parameters are considered password parameters (this is not case sensitive):

* Password
* Pass
* Passwords
* Passphrase
* Passphrases
* PasswordParam

If a parameter is defined with a name in the above list, it should be declared with type
**SecureString**.

## How

Change the type to **SecureString**.

## Examples

### Problematic code

```powershell theme={null}
function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [string]
        $Password
    )
    ...
}
```

### Correct code

```powershell theme={null}
function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [SecureString]
        $Password
    )
    ...
}
```

## Source

This rule documentation is adapted from Microsoft's PSScriptAnalyzer documentation for
[AvoidUsingPlainTextForPassword](https://github.com/MicrosoftDocs/PowerShell-Docs-Modules/blob/main/reference/docs-conceptual/PSScriptAnalyzer/Rules/AvoidUsingPlainTextForPassword.md),
licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/).
