I’m usually diligent at storing system credentials in a secure password vault for my job, but the odd time I slip up and today was one of those times.
If you use the Secure Store Service application in SharePoint, you need to provide the credential for each target application. It is used to access the external data source.
Once set, there is no way to see the credential thru the Central Admin UI. I wanted to know which credential a target application was using and I didn’t have it recorded in my password database. Even if I did, sometimes I just like to confirm the setting rather than trusting the documentation. You with me on that one?
Not surprisingly, you can use PowerShell to retrieve it. I found a couple of posts out there how to do it, but I made it my own and have it here mostly for my own reference. I’m sure I’ll be wanting to do this again and now I have it written down in a handy place. 🙂
[code language=”powershell” light=”true”]
Add-PSSnapin Microsoft.SharePoint.Powershell -ErrorAction SilentlyContinue
# Displays credentials for all target applications in the secure store service application in your farm.
$svcContext = Get-SPServiceContext -Site http://centraladminurl
$ssProvider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$ssProvider.Context = $svcContext
$ssProvider.GetTargetApplications() | ForEach-Object {
Write-Host "`n"($_.Name)
try {
$ssProvider.GetCredentials($_.ApplicationId) | ForEach-Object {
$ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($_.Credential)
$cred = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr)
Write-Host "`t$($_.CredentialType): $($cred)"
}
}
catch {
Write-Host "`t$($_)" -ForegroundColor Red
}
}
[/code]
Here is an example of the script result for all target applications I had defined in my Secure Store Service application:
I hope you find this useful if you find yourself in the position of needing to know what the credentials are set to.
Thanks for reading!