Retrieve Secure Store Credentials


The other day I had the need to find the username/password that was saved into a secure store group credential.  After some research I was able to create a script that did the job:

$site = Get-SPSite -Identity $(Get-SPWebApplication -IncludeCentralAdministration | ?{ $_.IsAdministrationWebApplication}).Url
$SecureStoreProvider.Context = Get-SPServiceContext -Site ($site)
$SecureStoreProvider.GetTargetApplications() |  ForEach-Object {
    Write-Host $_.Name
    try {
        $SecureStoreProvider.GetCredentials($_.ApplicationId) | ForEach-Object {
            $Credential = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($_.Credential))
            Write-Host "`t$($_.CredentialType): $($Credential)"
    } catch  {
        Write-Host "`t$($_)"  -ForegroundColor yellow


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s