How to recover the username and password from the Secure Store Service

Hi, it happened lots of time, I configure the Secure Store with an username and pwd, I tried to keep this values in a txt, but some times this txt were deleted by mistake or simply we forget where we store this values. For that reason, from time to time I execute the following PowerShell to extract all this information and trie to document it.

So here we go:

add-PSSnapin 'Microsoft.SharePoint.Powershell'

Add-Type -Path C:Program FilesCommon FilesMicrosoft SharedWeb Server Extensions15ISAPIMicrosoft.SharePoint.dll
Add-Type -Path C:WindowsMicrosoft.NETassemblyGAC_MSILMicrosoft.Office.SecureStoreServicev4.0_15.0.0.0__71e9bce111e9429cMicrosoft.Office.SecureStoreService.dll
Add-Type -Path C:WindowsMicrosoft.NETassemblyGAC_MSILMicrosoft.BusinessDatav4.0_15.0.0.0__71e9bce111e9429cMicrosoft.BusinessData.dll

$sssAppId = ExcelHost
$webAppUrl = https://portalurl  #Note - this can be any web application bound to the SSS proxy application; or central admin

$site = Get-SPSite -Identity $webAppUrl
$ssProvider = New-Object(Microsoft.Office.SecureStoreService.Server.SecureStoreProvider)

$context = [Microsoft.SharePoint.SPServiceContext]::GetContext($site)
$ssProvider.Context = $context;

Write-Host Credentials for SSS Application $sssAppId
$credentialCollection = $ssProvider.GetCredentials($sssAppId)
foreach($c in $credentialCollection)
    $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($c.Credential)

    $decryptString = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr)

    Write-Host Credential Type: $c.CredentialType
    Write-Host Decrypted String: $decryptString

The code is made for working with SharePoint 2013, if you need to run this code in SharePoint 2010, try to change the locations to the correct GAC

Hope it helps!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s