This script was conceived to meet the requirement of securely storing credentials for use with my PowerShell script.
I abhor the "encrypt and write to a file" method because it is difficult for the script writer to use properly and also because it incurs the additional attack surface of NTFS permissions.
By contrast, the use of Windows Credman is more difficult, because inline C# and P/Invoke are both required to make use of it from PowerShell; neither of which are very palatable for most PowerShell users.
Because CredMan was designed and tested explicitly for use in storing credentials in various forms and contexts, and because I was tired of trying to create a "protected store", I set about getting PowerShell and Windows Credman to cooperate.  This script is the result of that effort.
2012-10-12: Extensive updates:
    - Fixed a bug where the script would only read, write or delete GENERIC
    credentials types.
    - Added #region blocks to clarify internal functionality
    - Added 'CredType' param to specify what sort of credential is to be read,
    created or deleted (not used for -ShoCred or Enum-Creds)
    - Added 'CredPersist' param to specify how the credential is to be stored;
    only used in Write-Cred
    - Added 'All' param for -ShoCreds to differentiate between creds summary
    list and detailed creds dump
    - Added CRED_FLAGS enum to make the credential struct flags values clearer
    - Improved parameter validation
    - Expanded internal help (used with Get-Help cmdlet)
    - Cmd-line functions better illustrate how to interpret the results when
    dot-sourcing the script
This script supports:
- Use from the command-line
PowerShell
Edit|Remove
PS C:\> .\CredMan.ps1 -AddCred -Target 'DemoTgt' -User 'DemoUser' -Pass 'DemoPass' 
Successfully wrote or updated credentials as: 
  UserName  : DemoUser 
  Password  : DemoPass 
  Target    : DemoTgt 
  Updated   : 2012-10-13 17:40:35 UTC 
  Comment   : Last edited by demo\useracct on computername
 - use as a dot-sourced PowerShell script
PowerShell
Edit|Remove
. .\Path\To\CredMan.ps1  
 
function Main 
{ 
#region Adding credentials 
    if($AddCred) 
    { 
        if([String]::IsNullOrEmpty($User-or 
           [String]::IsNullOrEmpty($Pass)) 
        { 
            Write-Host "You must supply a user name and password (target URI is optional)." 
            return 
        } 
        # may be [Int32] or [Management.Automation.ErrorRecord] 
        [Object] $Results = Write-Creds $Target $User $Pass $Comment $CredType $CredPersist 
        if(0 -eq $Results) 
        { 
            [Object] $Cred = Read-Creds $Target $CredType 
            if($null -eq $Cred) 
            { 
                Write-Host "Credentials for '$Target', '$User' was not found." 
                return 
            } 
            if($Cred -is [Management.Automation.ErrorRecord]) 
            { 
                return $Cred 
            } 
            [String] $CredStr = @" 
Successfully wrote or updated credentials as: 
  UserName  : $($Cred.UserName) 
  Password  : $($Cred.CredentialBlob) 
  Target    : $($Cred.TargetName.Substring($Cred.TargetName.IndexOf("=")+1)) 
  Updated   : $([String]::Format("{0:yyyy-MM-dd HH:mm:ss}"$Cred.LastWritten.ToUniversalTime())) UTC 
  Comment   : $($Cred.Comment) 
"@ 
            Write-Host $CredStr 
            return 
        } 
        # will be a [Management.Automation.ErrorRecord] 
        return $Results 
    } 
#endregion     
 
#region Removing credentials 
    if($DelCred) 
    { 
        if(-not $Target) 
        { 
            Write-Host "You must supply a target URI." 
            return 
        } 
        # may be [Int32] or [Management.Automation.ErrorRecord] 
        [Object] $Results = Del-Creds $Target $CredType  
        if(0 -eq $Results) 
        { 
            Write-Host "Successfully deleted credentials for '$Target'" 
            return 
        } 
        # will be a [Management.Automation.ErrorRecord] 
        return $Results 
    } 
#endregion 
 
#region Reading selected credential 
    if($GetCred) 
    { 
        if(-not $Target) 
        { 
            Write-Host "You must supply a target URI." 
            return 
        } 
        # may be [PsUtils.CredMan+Credential] or [Management.Automation.ErrorRecord] 
        [Object] $Cred = Read-Creds $Target $CredType 
        if($null -eq $Cred) 
        { 
            Write-Host "Credential for '$Target' as '$CredType' type was not found." 
            return 
        } 
        if($Cred -is [Management.Automation.ErrorRecord]) 
        { 
            return $Cred 
        } 
        [String] $CredStr = @" 
Found credentials as: 
  UserName  : $($Cred.UserName) 
  Password  : $($Cred.CredentialBlob) 
  Target    : $($Cred.TargetName.Substring($Cred.TargetName.IndexOf("=")+1)) 
  Updated   : $([String]::Format("{0:yyyy-MM-dd HH:mm:ss}"$Cred.LastWritten.ToUniversalTime())) UTC 
  Comment   : $($Cred.Comment) 
"@ 
        Write-Host $CredStr 
    } 
#endregion 
 
#region Reading all credentials 
    if($ShoCred) 
    { 
        # may be [PsUtils.CredMan+Credential[]] or [Management.Automation.ErrorRecord] 
        [Object] $Creds = Enum-Creds 
        if($Creds -split [Array] -and 0 -eq $Creds.Length) 
        { 
            Write-Host "No Credentials found for $($Env:UserName)" 
            return 
        } 
        if($Creds -is [Management.Automation.ErrorRecord]) 
        { 
            return $Creds 
        } 
        foreach($Cred in $Creds) 
        { 
            [String] $CredStr = @" 
             
UserName  : $($Cred.UserName) 
Password  : $($Cred.CredentialBlob) 
Target    : $($Cred.TargetName.Substring($Cred.TargetName.IndexOf("=")+1)) 
Updated   : $([String]::Format("{0:yyyy-MM-dd HH:mm:ss}"$Cred.LastWritten.ToUniversalTime())) UTC 
Comment   : $($Cred.Comment) 
"@ 
            if($All) 
            { 
                $CredStr = @" 
$CredStr 
Alias     : $($Cred.TargetAlias) 
AttribCnt : $($Cred.AttributeCount) 
Attribs   : $($Cred.Attributes) 
Flags     : $($Cred.Flags) 
Pwd Size  : $($Cred.CredentialBlobSize) 
Storage   : $($Cred.Persist) 
Type      : $($Cred.Type) 
"@ 
            } 
            Write-Host $CredStr 
        } 
        return 
    } 
#endregion 
 
#region Run basic diagnostics 
    if($RunTests) 
    { 
        [PsUtils.CredMan]::Main() 
    } 
#endregion 
}