How to Recover Credentials from Secure Store Service in SharePoint using PowerShell?

So the previous SharePoint administrator left without documenting passwords from SharePoint secure store Service? Unfortunately, There is no way to get stored user name, passwords from SharePoint secure store service from the Central Administration site.

Recover secure store service credentials in SharePoint using powershell

No worries, Lets use PowerShell to decrypt all user names and passwords stored in SharePoint secure store service.

PowerShell to Get Credentials from Secure Store Service: 

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Any web application associated with SSS proxy application or central admin
$WebAppURL="http://intranet.crescent.com"

#Establish the Context
$Provider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$Provider.Context =  Get-SPServiceContext -Site $WebAppURL
 
#Get All Target Applications
$TargetApps = $provider.GetTargetApplications()
foreach ($App in $TargetApps)
{
    Write-Output $App.Name
    
    #Get the credentials for the App
    $Credentials = $provider.GetCredentials($App.Name)
    foreach ($Cred in $Credentials)
    {
        $EncryptString  = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cred.Credential)
        $DecryptString  = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($EncryptString)
 
        Write-Output "$($cred.CredentialType): $($DecryptString)"
    }
 }

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

One thought on “How to Recover Credentials from Secure Store Service in SharePoint using PowerShell?

  • July 28, 2021 at 1:52 PM

    $WebAppURL should not be a Web application, but a site collection. For the rest it works great. Thanks.

    Reply

Leave a Reply