Configure, Store And Read Secure Store Credentials Within SharePoint - Part 1

Secure Store Service is a central repository where SharePoint Credentials or external system connection credentials can be encrypted and stored.

Once the SharePoint Installation is complete we can either use the installation wizard to automatically provision the Service Applications or we can create them manually. In order to store within the Secure Store we have to create a Secure Store Service Application.

We have to create a Managed Account before creating the Service Application.

For that go to Central Administration, then Security


Click on Configure Managed Accounts.


I have created a Managed Account using the AD account ‘SecureStoreMA’. Now lets create the Service Application.

How to create the secure store Service Application

Go to Central Admin and select 'Manage service applications' from 'Application Management'.


Select 'Secure Store Service' from the new dropdown.


This will open up the Create Window where we can specify the Application Name and Database Name. Specify the managed account we have created earlier as the security account for creating the Service Application.


Clicking on Finish will create the Service Application for you.


In the Service Application List we can see the new Secure Store Service Application,


Now click on the above newly created Service Application so that we can set the Target Application and corresponding username and password.

However, if we are creating target application for the first time we will get the following error.


This is because we have to set a passphrase which will be used to encrypt the credential being stored in the secure store . This passphrase will encrypt the data within the secure store and safely store it in the database that gets created along with the Service Application.

If we go to the SQL Server we can see the corresponding Database,


So, let us create the passphrase so that the above error goes away. Click on 'Generate New Key' in the ribbon and enter a 'Pass Phrase'.


Make sure the pass phrase has enough complexity else the following message will pop up.


Once the 'Pass Phrase' is created the Secure Store entry would look like this,


There are no target applications currently created within the Secure Store. Let us go ahead and create one by clicking New in the ribbon.


Here enter the Target Application ID, Display Name and Email. Currently, I have set the type to Individual.

Click on Next .


Specify the Field Name and Type. Currently, I have selected Windows User Name & Password. Click Next.


Specify the users who can read and manage the Secure Store in the above text box.

Clicking on OK will create the Target Application. Next step is to store the User Name and Password within the newly created Target Application.


Click on 'Set Credentials'.


Specify the User Name and Password. Click OK. We have successfully configured the Secure Store Service Application, created a target application and have stored the credentials.

Internally the 'Pass Phrase' will be used to encrypt this credentials and they will be stored in the secure store DB within SQL.

In the next article we will see how to read the stored - secure store credentials.

Recommended Ebook

SharePoint Online And Office 365 Administration

Download Now!
Similar Articles