Http://autospinstaller.codeplex.com/discussions/246532
Http://todd-carter.com/post/2010/04/26/The-Wizard-Likes-His-GUIDs.aspx
Create a Secure Store service
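# Provisions a SharePoint Secure Store Service on the local server:
#   1. starts the Secure Store service instance if it is disabled,
#   2. creates the service application and its proxy if none exists,
#   3. generates the master key and pushes the application server key,
#   4. creates a Group target application and stores one credential set for it.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------
$serviceApplicationPool          = "Secure Store Service Pool"        # application pool the service application runs under
$secureStoreDatabaseName         = "SecureStoreServiceDB"             # SharePoint database where the service application stores its data
$secureStoreApplicationName      = "Secure Store Service"             # name of the service application
$secureStoreApplicationProxyName = "Secure Store Service Proxy"       # name of the service application proxy
$targetAppID                     = "GMAx SSS"                         # name (ID) of the target application
$targetAppName                   = "GMAxSecureStoreServiceTargetApp"  # friendly name of the target application
$secureStoreAdministrator        = "ibm\10010"                        # administrator of the target application

# Group whose members may use the stored credentials. The original defined this
# variable but never read it and hard-coded the group further down; the value
# here is the group the script actually resolved, so behaviour is unchanged.
# NOTE(security): every member of this group can act with the mapped account.
# A domain-wide group is the broadest possible grant; prefer a dedicated group
# that contains only the accounts that need the external system.
$secureStoreUser                 = "ibm\domain users"

$secureStoreAdministratorEmail   = "Mingle.Lui@gmail.com"             # contact e-mail of the administrator
$serviceContext                  = "http://www.ibm.com/"              # URL used to obtain the service application context
$targetApplicationUserName       = "ibm\10010"                        # account used to access the external application

# NOTE(security): the two values below are secrets written in clear text. Anyone
# who can read this file, its source-control history or a backup of it obtains
# the external account's password and the passphrase that protects the Secure
# Store master key. They are kept as literals only so the sample still runs
# unattended; for real use, supply them at run time (for example from a prompt
# or a vault) and never store the script with real values in it.
$targetApplicationUserPassword   = "Password_213"                     # password used to access the external application
$passPhrase                      = "2012-Mar"                         # passphrase protecting the master key; a date-like value is easy to guess

# Returns the Secure Store service instance hosted on this machine, or nothing
# when the farm has none registered for $env:COMPUTERNAME. One helper is used
# for the initial lookup and for polling so both apply the same type filter
# (the original compared the type object in one place and its name in another).
function Get-LocalSecureStoreServiceInstance {
    Get-SPServiceInstance |
        Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceInstance]) } |
        Where-Object { $_.Server.Address -eq $env:COMPUTERNAME }
}

# ---------------------------------------------------------------------------
# Service instance
# ---------------------------------------------------------------------------
$SecureStoreServiceInstance = Get-LocalSecureStoreServiceInstance

# The original tested $? here, which stays $true when the filter simply matches
# nothing, so a missing instance was never reported. Test the result itself.
if ($null -eq $SecureStoreServiceInstance) {
    Throw "-FailedtofindSecureStoreserviceinstance"
}

if ($SecureStoreServiceInstance.Status -eq "Disabled") {
    Write-Host "-StartingSecureStoreServiceInstance..."
    $SecureStoreServiceInstance.Provision()
    if (-not $?) { Throw "-FailedtostartSecureStoreserviceinstance" }

    # Poll once per second until the instance reports Online. The loop has no
    # upper bound, as in the original.
    Write-Host "-WaitingforSecureStoreservice..." -NoNewline
    while ($SecureStoreServiceInstance.Status -ne "Online") {
        Write-Host "." -NoNewline
        Start-Sleep 1
        $SecureStoreServiceInstance = Get-LocalSecureStoreServiceInstance
    }
    Write-Host $($SecureStoreServiceInstance.Status)
}

# ---------------------------------------------------------------------------
# Service application and proxy
# ---------------------------------------------------------------------------
$GetSPSecureStoreServiceApplication = Get-SPServiceApplication |
    Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplication]) }

if ($null -eq $GetSPSecureStoreServiceApplication) {
    Write-Host "-CreatingSecureStoreServiceApplication..."
    # Auditing is switched on with a log size of 30; keep it enabled so access
    # to stored credentials leaves a trail.
    New-SPSecureStoreServiceApplication -Name $secureStoreApplicationName `
        -PartitionMode:$false -Sharing:$false `
        -DatabaseName $secureStoreDatabaseName `
        -ApplicationPool $serviceApplicationPool `
        -AuditingEnabled:$true -AuditLogMaxSize 30 | Out-Null

    Write-Host "-CreatingSecureStoreServiceApplicationProxy..."
    Get-SPServiceApplication |
        Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplication]) } |
        New-SPSecureStoreServiceApplicationProxy -Name $secureStoreApplicationProxyName -DefaultProxyGroup | Out-Null

    Write-Host "-DonecreatingSecureStoreServiceApplication."
}
else {
    Write-Host "-SecureStoreServiceApplicationalreadyprovisioned."
}

$secureStore = Get-SPServiceApplicationProxy |
    Where-Object { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy]) }

# ---------------------------------------------------------------------------
# Keys
# ---------------------------------------------------------------------------
# NOTE(review): this runs on every execution, including when the service
# application already existed. Confirm that re-keying an existing farm is
# intended before re-running the script.
Start-Sleep 5
Write-Host "-CreatingtheMasterKey..."
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $secureStore.Id -Passphrase $passPhrase

Start-Sleep 5
Write-Host "-CreatingtheApplicationKey..."
# Still best-effort (the script continues on failure, as before), but the error
# is now captured and reported instead of being discarded silently.
Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $secureStore.Id -Passphrase $passPhrase `
    -ErrorAction SilentlyContinue -ErrorVariable applicationKeyError
if ($applicationKeyError) {
    Write-Warning "Update-SPSecureStoreApplicationServerKey reported: $applicationKeyError"
}

# ---------------------------------------------------------------------------
# Target application
# ---------------------------------------------------------------------------
# Two fields: a visible user name and a masked password.
$usernameField = New-SPSecureStoreApplicationField -Name "UserName" -Type UserName -Masked:$false
$passwordField = New-SPSecureStoreApplicationField -Name "Password" -Type Password -Masked:$true
$fields        = $usernameField, $passwordField

$adminClaim = New-SPClaimsPrincipal -Identity $secureStoreAdministrator -IdentityType WindowsSamAccountName

# Resolve the credential-owner group to its SID; the claim is built from the SID.
$groupid   = (New-Object System.Security.Principal.NTAccount($secureStoreUser)).Translate([System.Security.Principal.SecurityIdentifier]).Value
$userClaim = New-SPClaimsPrincipal -Identity $groupid -IdentityType WindowsSecurityGroupSid

$targetApp = New-SPSecureStoreTargetApplication -Name $targetAppID -FriendlyName $targetAppName `
    -ContactEmail $secureStoreAdministratorEmail -ApplicationType Group -TimeoutInMinutes 3

$ssApp = New-SPSecureStoreApplication -ServiceContext $serviceContext -TargetApplication $targetApp `
    -Field $fields -Administrator $adminClaim -CredentialsOwnerGroup $userClaim

# ---------------------------------------------------------------------------
# Credential mapping
# ---------------------------------------------------------------------------
# -AsPlainText -Force only wraps the strings in the SecureString type that
# -Values expects; it does not protect values that already sit in clear text
# in this file.
$firstCredential  = ConvertTo-SecureString $targetApplicationUserName -AsPlainText -Force
$secondCredential = ConvertTo-SecureString $targetApplicationUserPassword -AsPlainText -Force
$credentialValues = $firstCredential, $secondCredential

Update-SPSecureStoreGroupCredentialMapping -Identity $ssApp -Values $credentialValues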