Using Secrets

This page provides an overview of the Delinea Platform's core vaulting features and functions, which are built on the industry-leading technology of Secret Server Cloud. On the Delinea Platform, secrets work the same way they work in Secret Server. The two systems share secrets and pinned folders, as well as administrative privileges, permissions, and access settings.

Secret Server Overview

Delinea Secret Server is an enterprise-grade solution for privileged access management (PAM), designed to help organizations securely store, manage, and control access to privileged credentials. It aims to improve the security of sensitive data, reduce the risk of data breaches, and streamline the password-management process.

Secret Server Cloud (SSC) is a scalable, multi-tenant cloud platform hosted on the Microsoft Azure infrastructure. All backend services, databases, and redundancy are securely managed by Delinea. Customers do not have direct access to the databases or application file system.

Secret Server is also available as an on-premises solution named Secret Server On-Premise.

Secret Server Documentation for New Users

Secret Server Cloud also has its own complete documentation set. The information at the following links is specifically relevant to new users:

Secret Server Key Features

  • Secure Password Storage: Secret Server stores privileged credentials in an encrypted format, protecting sensitive information from unauthorized access.
  • Access Control: Secret Server implements role-based access control, allowing administrators to set permissions and control who has access to sensitive information.
  • Privilege Escalation Management: Secret Server integrates with Windows systems to provide privilege escalation management, helping to reduce the risk of data breaches.
  • Auditing and Reporting: Secret Server provides detailed audit logs and reports, making it easier for organizations to track access to sensitive information and detect any unauthorized activity.
  • Automated Password Management: Secret Server supports automated password management, helping to streamline the password management process and reduce the risk of manual errors.
  • Multi-Factor Authentication: Secret Server supports multi-factor authentication, helping to improve the security of sensitive information.
  • Integration with Other Tools: Secret Server integrates with a variety of other tools, including Active Directory, Microsoft Azure, and cloud-based applications, making it easier for organizations to manage their passwords and access controls.

Secret Server Secrets

Secrets

Secrets are individually named packets of sensitive information, such as passwords. Secrets address a broad spectrum of secure data, each type represented and created by a secret template that defines the parameters of all secrets based on it. Secrets are very powerful and provide many ways of controlling and protecting their data. All secret text-entry field information is securely encrypted before being stored in the database, including a detailed audit trail for access and history. For more information about secrets, see the following pages in the Secret Server documentation:

Secret Folders

Secret folders allow you to create containers for secrets, based on your needs. For example, you can use folders to organize secrets by customers, computers, regions, or branch offices. Folders can be nested within other folders to create sub-categories for each set of classifications. Secrets can be assigned to these folders and sub-folders.

You can customize permissions at the folder level so that each secret in a folder inherits the folder's permissions. Setting permissions at the folder level also ensures that future secrets added to that folder will all have the same permissions, greatly simplifying management across users and groups. For more information about secret folders, see the following:

Checking out Secrets

The Secret Server check-out feature grants exclusive access to the secret for a single user for one or more pre-defined periods of time. No other user can access a secret while it is checked out, except for administrators with unlimited privileges. For more information about checking out secrets, see:

Credential Management

Discovery

Discovery is a powerful feature designed to help organizations discover and manage privileged accounts, credentials, and other sensitive information across their IT infrastructure. It enables IT teams to gain visibility into all of their systems, applications, and devices, and identify potential security risks and vulnerabilities.

By scanning and analyzing systems and applications, discovery can detect and classify privileged accounts and credentials, including those that are inactive or hidden. You can automatically find local Windows accounts, Active Directory services, Unix, VMware ESX/ESXi, and Active Directory domain accounts.

Distributed Engines

Secret Server distributed engines, or simply engines, are a powerful solution that enables organizations to manage privileged access across their entire infrastructure while maintaining security, control, and scalability. Organizations can scale their privileged access management infrastructure to meet the needs of large and distributed environments.

With engines, organizations can distribute the load of managing privileged accounts and credentials, allowing for faster response times and improved performance. They also enable organizations to maintain control over their sensitive data, with each instance of Secret Server being fully auditable and traceable.

Remote Password Changing

Secret Server Remote Password Changing (RPC) is a credential rotation feature that enables IT teams to automatically change passwords for privileged accounts on remote systems and devices, without requiring direct access to those systems. This improves security and reduces the risk of security breaches caused by weak or compromised passwords. Organizations can automate changing passwords for privileged accounts on a schedule or in response to specific events. This includes local and domain accounts on Windows, Unix, Linux, and other systems, as well as service accounts, database accounts, and other types of credentials.

Auditing Privileged Account Activity

Secret Server provides a range of features for auditing privileged account activity, including:

  1. Advanced Session Recording: Secret Server captures all user activity during privileged sessions, including commands entered, files accessed, and changes made to the system or application. This provides a detailed record of user activity, enabling IT teams to investigate security incidents and respond quickly to potential threats.
  2. Audit Logs: Secret Server logs all activity related to privileged accounts and credentials, including login attempts, password changes, and access to sensitive data. This provides a complete audit trail of all privileged activity, enabling organizations to comply with regulatory requirements and industry standards.
  3. Advanced Search and Filtering: Secret Server provides advanced search and filtering capabilities, enabling organizations to quickly find specific events or actions in audit logs. This saves time and helps IT teams to identify potential security risks or incidents more efficiently.
  4. Alerting and Notifications: Secret Server enables organizations to configure policies to automatically alert administrators when specific events occur, such as failed login attempts or changes to system configurations. This helps organizations to respond to potential threats in real time.
  5. Reporting: Secret Server provides a range of built-in reports, enabling organizations to generate customized reports on privileged account activity, user behavior, and compliance. This helps organizations to track progress and identify areas for improvement.

Advanced Session Recording and Management

Secret Server Advanced Session Recording is a feature that allows organizations to monitor and record privileged sessions in real time. It provides an additional layer of security by capturing all user activity during privileged sessions, including commands entered, files accessed, and changes made to the system or application. It also enables IT teams to investigate security incidents and respond quickly to potential threats, by providing a detailed record of user activity and enabling them to identify suspicious or unauthorized behavior.

With Advanced Session Recording, organizations can review session recordings for auditing purposes, and use advanced search and filtering capabilities to quickly find specific events or actions. They can also configure policies to automatically trigger recording based on specific events or actions, and limit access to session recordings to authorized personnel only.

For more information about advanced session recording, see Advanced Session Recording Overview.

Audit Logs

Secret Server auditing is a feature that enables organizations to monitor and record all activities related to privileged accounts and credentials. It provides an additional layer of security by capturing detailed logs of all user activity, including login attempts, password changes, and access to sensitive data. Organizations can review audit logs and use advanced search and filtering capabilities to quickly find specific events or actions. Audit information is primarily available through reports and alerts. For more information, see Secret Audit Log.

Alerts

Secret Server provides a range of alerts that can be configured to notify administrators of specific events or actions related to privileged accounts and credentials. Administrators can configure the alerts to be sent via email, SMS, or through a third-party system, and can set up different alerts for different users or groups. This helps organizations to respond to potential security threats in real time and ensure that their privileged accounts and credentials are being used appropriately.

Built-in Reports

Secret Server includes many pre-configured reports that you can run or use as templates for creating custom reports.