Configure, Store And Read Secure Store Credentials Within SharePoint - Part 1

The Secure Store Service is a central repository in which SharePoint credentials, or the credentials used to connect to external systems, are encrypted and stored.

Once the SharePoint installation is complete we can either use the configuration wizard to provision the service applications automatically or create them manually. In order to store credentials in the Secure Store we first have to create a Secure Store Service Application.

We have to create a Managed Account before creating the Service Application.

For that go to Central Administration, then Security.

Click on Configure Managed Accounts.

I have created a Managed Account using the AD account 'SecureStoreMA'. Now let's create the Service Application.

How to create the Secure Store Service Application

Go to Central Admin and select 'Manage service applications' from 'Application Management'.


Click New in the ribbon and select 'Secure Store Service' from the dropdown.

This opens the Create window, where we can specify the application name and database name. Specify the managed account we created earlier as the security account under which the Service Application runs.

Clicking on Finish creates the Service Application for you.

In the service application list we can now see the new Secure Store Service Application.

Now click on the above newly created Service Application so that we can set the Target Application and corresponding username and password.

However, if we are creating a target application for the first time we will get the following error.

This is because we first have to set a passphrase, which is used to encrypt the credentials stored in the Secure Store. The encrypted data is kept in the database that was created along with the Service Application.

If we go to the SQL Server we can see the corresponding database.

So, let us create the passphrase so that the above error goes away. Click on 'Generate New Key' in the ribbon and enter a 'Pass Phrase'.


Make sure the pass phrase is complex enough, or the following message will pop up.

Once the 'Pass Phrase' is created the Secure Store entry looks like this.

There are no target applications currently created within the Secure Store. Let us go ahead and create one by clicking New in the ribbon.


Here enter the Target Application ID, Display Name and Email. Currently, I have set the type to Individual.

Click on Next.

Specify the Field Name and Type. Currently, I have selected Windows User Name & Password. Click Next.


Specify the users who can read and manage this target application.

Clicking on OK creates the Target Application. The next step is to store the user name and password within the newly created Target Application.

Click on 'Set Credentials'.


Specify the user name and password and click OK. We have now configured the Secure Store Service Application, created a target application and stored the credentials in it.

Internally the 'Pass Phrase' is used to encrypt these credentials, and they are stored in the Secure Store database in SQL Server.
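The same steps scripted in the SharePoint Management Shell, as an added example that is not code from the original article. The domain, site URL, account names and database name are assumed placeholders; the cmdlets are the standard SharePoint ones.

```powershell
# Added example, not from the original article: the Central Administration steps
# above, scripted in the SharePoint Management Shell. Domain, URL, account names
# and the database name are placeholders (assumptions), not values from the article.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Managed account (the article uses 'SecureStoreMA') and an app pool for the service.
$maCred  = Get-Credential -UserName "CONTOSO\SecureStoreMA" -Message "Managed account password"
$managed = New-SPManagedAccount -Credential $maCred
$pool    = New-SPServiceApplicationPool -Name "SecureStoreAppPool" -Account $managed

# 2. Secure Store Service application plus proxy. Auditing is switched on so that
#    credential reads and changes are recorded in the service's audit log.
$ssa   = New-SPSecureStoreServiceApplication -Name "Secure Store Service" `
           -ApplicationPool $pool -DatabaseName "SP_SecureStore" -AuditingEnabled
$proxy = New-SPSecureStoreServiceApplicationProxy -Name "Secure Store Service Proxy" `
           -ServiceApplication $ssa -DefaultProxyGroup

# 3. 'Generate New Key': the passphrase protects the master key. SharePoint does not
#    keep the passphrase, so record it in your own vault; it is needed again whenever
#    the key is refreshed or a new server joins the farm.
$secure     = Read-Host -Prompt "Secure Store passphrase" -AsSecureString
$passphrase = (New-Object System.Net.NetworkCredential("", $secure)).Password
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $proxy -Passphrase $passphrase

# 4. Target application of type Individual with Windows User Name / Password fields,
#    the same choices the article makes in the wizard. The password field is masked.
$fields = @(
    (New-SPSecureStoreApplicationField -Name "Windows User Name" -Type WindowsUserName -Masked:$false),
    (New-SPSecureStoreApplicationField -Name "Windows Password"  -Type WindowsPassword -Masked:$true)
)
$target = New-SPSecureStoreTargetApplication -Name "ContosoTargetApp" `
            -FriendlyName "Contoso Target Application" -ContactEmail "admin@contoso.com" `
            -ApplicationType Individual -TimeoutInMinutes 3
$admin  = New-SPClaimsPrincipal -Identity "CONTOSO\spadmin" -IdentityType WindowsSamAccountName
$ctx    = Get-SPServiceContext -Site "http://sp2013"
$app    = New-SPSecureStoreApplication -ServiceContext $ctx -TargetApplication $target `
            -Fields $fields -Administrator $admin

# 5. 'Set Credentials': an Individual target application maps credentials per user,
#    so the mapping is created for one SharePoint user at a time.
$user   = New-SPClaimsPrincipal -Identity "CONTOSO\alice" -IdentityType WindowsSamAccountName
$values = @(
    (ConvertTo-SecureString "CONTOSO\svc_external" -AsPlainText -Force),
    (Read-Host -Prompt "Password for CONTOSO\svc_external" -AsSecureString)
)
Update-SPSecureStoreCredentialMapping -Identity $app -Principal $user -Values $values
```

For a Group-type target application the last step would use Update-SPSecureStoreGroupCredentialMapping instead, since all members then share one set of credentials.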

In the next article we will see how to read the credentials stored in the Secure Store.