The Secure Store Service in SharePoint 2010 is a really convenient way of storing credentials for external applications. However, what do you do if you set up a credential in the service, but forgot to record the password? No worries…with a little PowerShell script we can retrieve all username/password combos from the service.

$context = Get-SPServiceContext -Site http://your-site-here

$provider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$provider.Context = $context

$marshal = [System.Runtime.InteropServices.Marshal]

try
{
    $apps = $provider.GetTargetApplications()
    foreach ($app in $apps)
    {
       Write-Output "`n$($app.Name)"
        Write-Output "$('-'*80)"
        try
        {
            $creds = $provider.GetCredentials($app.Name)
            foreach ($cred in $creds)
            {
                $ptr = $marshal::SecureStringToBSTR($cred.Credential)
                $str = $marshal::PtrToStringBSTR($ptr)

                Write-Output "$($cred.CredentialType): $($str)"
            }
        }
        catch
        {
            Write-Output "Error getting credentials!"
        }
        Write-Output "$('-'*80)"
    }
}
catch
{
    Write-Output "Error getting Target Applications."
}

$marshal::ZeroFreeBSTR($ptr)

Just run this script as an account that has permissions to the Secure Store, and you’ll be able to see all your credentials. Kind of cool, eh?

Comments