Skip to Content
Technical Articles
Author's profile photo Shanthakumar Krishnaswamy

Automating the Cloud Foundry Command Line Interface (CLI) Login with PowerShell Script


In this post, I explain creating a PowerShell script for auto-login to the Cloud Foundry Command Line Interface (CLI).

The Cloud Foundry Command Line Interface (CLI) basically allows you to connect different Cloud Foundry environments for managing subaccounts, such as creating orgs and spaces, managing quota, etc.. from the comfort of the command line.

Logging on to the Cloud Foundry space requires an API endpoint and user credential details every time. The option “cf login –sso” also requires extra effort to get the temporary authentication code. Due to the changes in security policy, we need to enter lengthy passwords. This can be a challenge for users working with multi-region subaccounts.

You can write a simple script, that allows you to avoid manually logging in to the Cloud Foundry Command Line Interface (CLI) each time you use it.

Let’s try with the PowerShell Script.

The following script prompts credentials for the first time and stores them in a secure string. Later, stored credentials are used for login. This secure string is encrypted based on your Windows logon credentials. The decryption of a secure string is possible only with your credentials.

Function cf-login {
    param (
        [Parameter(Mandatory = $true)]
    BEGIN {
        $Username = $env:username;
        If(!(Test-Path "$($HOME)\$($Username).cred")) {
            Try {
                $Credential = Get-Credential -Message "Enter your Credentials:" -UserName $UserName
                $Credential.Password | ConvertFrom-SecureString | Out-File "$($HOME)\$($Credential.Username).cred" -Force
            Catch {
                Throw $_.Exception.Message

        $Region = "" + $Region + ""
        $SecureString = Get-Content "$($HOME)\$($Username).cred" | ConvertTo-SecureString
        $Credential = New-Object System.Management.Automation.PsCredential($Username, $SecureString)

        cf login -a $Region -u $Credential.UserName -p $Credential.GetNetworkCredential().Password
    END {


If you wish to use this function regularly in your interactive PowerShell sessions, you can place it in your PowerShell profile, which will be available every time you open your PowerShell console.

If you are unsure what a PowerShell profile is or how to use one, there is some good information here.

If the profile already exists, you can just add the function to the end of the existing profile. If not, create a new one.

A quick way to create one is:

New-Item -Path $profile -ItemType File

Once you have created a PowerShell profile, copy the above function into the profile and save. From now on, whenever you open your PowerShell console, the function will be available.

Testing the Script

This script requires the API endpoint region as a parameter. It can be taken from here or else from the API endpoint URL. Here, you only need a region like ap20, us10. 

If you are already working with the PowerShell console, you can close the existing console and open it again to load the script from the profile.

The first time it is executed, it asks for the credential and stores it in a file called $HOME/<user name>.cred. Later, execution works without entering the credentials.

<function-name> <API Endpoint Region>

cf-login ap20

If you want to change the credentials, delete the file from $HOME/<user name>.cred

Using a PowerShell module is a more advanced and significantly more structured, and powerful method of achieving what was done in profile. If you haven’t used PowerShell modules before, there is some good info here

Related Blogposts

Automating the setup of your SAP BTP account with btp-setup-automator by Rui Nogueira

Max’s Adventure in SAP Cloud Platform: Pimp my Cloud Foundry CLI by Maximilian Streifeneder

Connecting from SAP Business Application Studio to SAP BTP Cloud Foundry environment by Tamir Menahem


Well, hope this gives you an idea how to automate cf login using PowerShell scripts to avoid entering credentials every time.

Please leave your comments below for any thoughts or feedbacks.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.