Protect access to your credential store
J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
Grant access to your credential store only to the accounts that require it; limiting access in this way helps to protect the store. For example, consider limiting access to only your application's account. Also ensure that the connection string used to identify your credential store is encrypted.
Also consider storing your credential database on a physically separate server from your WCF application server. This makes it harder for an attacker to compromise your credential store even if they manage to take control of your application server.
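One way to encrypt the connection string mentioned above is .NET protected configuration. The following is an added example, not code from the original guidance; it assumes a self-hosted WCF service whose `.config` file holds the connection string in `<connectionStrings>`, and the class and method names are hypothetical.

```csharp
// Added example (not from the original guidance). Requires a reference to System.Configuration.
using System;
using System.Configuration;

static class CredentialStoreConfig
{
    // Built-in protected-configuration provider backed by Windows DPAPI.
    const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts <connectionStrings> in the .config file of the given executable
    // (assumed here to be a self-hosted WCF service). Returns true if the
    // section is stored encrypted when the method exits.
    public static bool ProtectConnectionStrings(string exePath)
    {
        Configuration config = ConfigurationManager.OpenExeConfiguration(exePath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("No <connectionStrings> section found.");

        SectionInformation info = section.SectionInformation;
        if (info.IsProtected)
            return true; // already encrypted; nothing to do
        if (info.IsLocked)
            throw new ConfigurationErrorsException("Section is locked by a parent configuration file.");

        info.ProtectSection(Provider);
        info.ForceSave = true; // write the section even if its values did not change
        config.Save(ConfigurationSaveMode.Modified);

        // Re-open from disk to confirm the stored form is now encrypted.
        Configuration check = ConfigurationManager.OpenExeConfiguration(exePath);
        return check.GetSection("connectionStrings").SectionInformation.IsProtected;
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: ProtectConfig <path-to-service.exe>");
            return 2;
        }
        bool ok = ProtectConnectionStrings(args[0]);
        Console.WriteLine(ok ? "connectionStrings is encrypted." : "connectionStrings is NOT encrypted.");
        return ok ? 0 : 1;
    }
}
```

The runtime decrypts the section transparently when the service reads it. Because the default DPAPI provider uses a machine-level key, run this step on the server that hosts the service.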