Create SharePoint 2013 Secure Store Service Application using PowerShell

PowerShell Script to Create SharePoint 2013/2016 Secure store Service application:

Secure Store Service was introduced as a replacement to the SSO feature since SharePoint 2010. Secure Store Service is a shared service that provides storage and mapping of credentials such as account names and passwords. It solves the problem of having to sign in to many applications and entering different usernames and passwords. It enables you to securely store data that provides credentials required for connecting to external systems and associating those credentials to a specific identity or group of identities. Creating a secure store service application through SharePoint Central administration site is explained here: Configure Secure Store Service Application in SharePoint 2016

Create Secure store Service application using PowerShell in SharePoint 2016:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Configuration Parameters
$ServiceAppName = "Secure Store Service Application"
$ServiceAppProxyName = "Secure Store Service Application Proxy"
$AppPoolAccount = "Crescent\SP16-AppPool"
$AppPoolName = "Service Application App Pool"
$DatabaseServer ="SP16-SQL001"
$DatabaseName = "SP16_Service_SecureStore"

Try {
    #Set the Error Action
    $ErrorActionPreference = "Stop"
    #Check if Managed account is registered already
    Write-Host -ForegroundColor Yellow "Checking if the Managed Accounts already exists"
    $AppPoolAccount = Get-SPManagedAccount -Identity $AppPoolAccount -ErrorAction SilentlyContinue
    if($AppPoolAccount -eq $null)
        Write-Host "Please Enter the password for the Service Account..."
        $AppPoolCredentials = Get-Credential $AppPoolAccount
        $AppPoolAccount = New-SPManagedAccount -Credential $AppPoolCredentials
    #Check if the application pool exists already
    Write-Host -ForegroundColor Yellow "Checking if the Application Pool already exists"
    $AppPool = Get-SPServiceApplicationPool -Identity $AppPoolName -ErrorAction SilentlyContinue
    if ($AppPool -eq $null)
        Write-Host -ForegroundColor Green "Creating Application Pool..."
        $AppPool = New-SPServiceApplicationPool -Name $AppPoolName -Account $AppPoolAccount
    #Check if the Service application exists already
    Write-Host -ForegroundColor Yellow "Checking if Secure Store Service Application exists already"
    $ServiceApplication = Get-SPServiceApplication -Name $ServiceAppName -ErrorAction SilentlyContinue
    if ($ServiceApplication -eq $null)
        Write-Host -ForegroundColor Green "Creating Secure Store Service Application..."
        $ServiceApplication = New-SPSecureStoreServiceApplication -Name $ServiceAppName -ApplicationPool $AppPoolName -DatabaseName $DatabaseName -DatabaseServer $DatabaseServer -AuditingEnabled:$false
        $ServiceApplicationProxy = New-SPSecureStoreServiceApplicationProxy -Name $ServiceAppName" Proxy" -ServiceApplication $ServiceApplication -DefaultProxyGroup
    #Start service instance 
    $ServiceInstance = Get-SPServiceInstance | Where-Object { $_.TypeName -like "*Secure Store Service*" }

    #Check the Service status
    if ($ServiceInstance.Status -ne "Online")
        Write-Host -ForegroundColor Yellow "Starting the Secure Store Service Instance..."
        Start-SPServiceInstance $ServiceInstance
    Write-Host -ForegroundColor Green "Secure Store Service Application created successfully!"
catch {
    Write-Host $_.Exception.Message -ForegroundColor Red
 finally {
    #Reset the Error Action to Default
    $ErrorActionPreference = "Continue"

Create Master Key for Secure Store Service using PowerShell:

#Config parameters
$Passphrase = "Password1"
$ServiceAppProxyName="Secure Store Service Application Proxy"

#Get the Service App Proxy
$ServiceAppProxy = Get-SPServiceApplicationProxy | where { $_.Name -eq $ServiceAppProxyName}

#Create Master key
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $ServiceAppProxy -Passphrase $Passphrase

Don’t forget to change the values in #Configuration Parameters section!

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

One thought on “Create SharePoint 2013 Secure Store Service Application using PowerShell

  • May 18, 2020 at 9:57 PM

    Salaudeen —

    I keep getting this error when I try to create the key:

    Update-SPSecureStoreMasterKey : There are no addresses available for this application.

    Any ideas?


Leave a Reply