Here's the scenario: You have a script that needs to access a static password which has to be stored in a file, but you do not want the password readable.  Here is a way to encrypt the password so that only you can read it.  Anyone else running the same code from any other account won't be able to read it.  Also, this password file will only be usable on that host. 

$passwd = "<PASSWORD>";
$passwdFile = "$passwordFolder/$env:USERNAME/encrypted.txt";

# to generate the password file

ConvertTo-SecureString -Force -AsPlainText $passwd | ConvertFrom-SecureString  | 
    Set-Content -Encoding ASCII -Path $passwdFile;

# to decrypt the password

if ($secureString = Get-Content $passwdFile
ConvertTo-SecureString -ErrorAction SilentlyContinue) {
    $passwd = [System.Runtime.InteropServices.marshal]::PtrToStringAuto(

} else {
    Write-Warning "Unable to decrypt $passwdFile";

One caveat: if you use this for scheduled tasks with stored credentials (your own or a service account), make sure to require script signing on the computer and sign the script.  Otherwise, someone can modify the script to output the decrypted password to a plaintext file, defeating this whole exercise.