Using Secrets on the Platform

This page provides an overview of the Delinea Platform's core vaulting features and functions, which are built on the industry-leading technology of Secret Server Cloud.

For New Business Users

Secret Server has its own complete documentation set, and the information at the following link is specifically relevant to new, non-administrator users: Secret Server End User Guide.

For New Administrators

The information at the following link is specifically relevant to new administrators: Secret Server Cloud Quick Start.

For Existing Secret Server Customers

On the Delinea Platform, secrets work the same way they work in Secret Server. The two systems share secrets and pinned folders, as well as administrative privileges, permissions, and access settings. Once you are logged in to the Delinea Platform, you will have the same access rights to secrets inside Secret Server as you did with the standalone Secret Server Cloud.

Accessing Secret Server from the Platform

To access Secret Server from the platform, simply hover over Secret Server in the left-side navigation.

For more detailed information about the left-side navigation, please see Primary Navigation.

Secrets

Secrets are individually named packets of sensitive information, such as passwords. Secrets address a broad spectrum of secure data, each type represented and created by a secret template that defines the parameters of all secrets based on it. Secrets are very powerful and provide many ways of controlling and protecting their data. All secret text-entry field information is securely encrypted before being stored in the database, including a detailed audit trail for access and history. For more information about secrets, see the following pages in the Secret Server documentation:

Creating Secrets

You create a secret based on a secret template. There are many built-in specialized templates, with required fields that differ based on the purpose and type of secret you want to create. If you do not find a suitable template available, you can create a custom template.

For detailed information, see:

Checking Out Secrets

The Secret Server check-out feature grants exclusive access to the secret for a single user for one or more pre-defined periods of time. No other user can access a secret while it is checked out, except for administrators with unlimited privileges. For more information about checking out secrets, see:

Launching Secrets

Secrets are launched with tools named launchers. Launchers enable users to securely and conveniently access remote systems and applications using stored credentials without manually entering passwords. There are Remote Desktop Protocol (RDP) launchers for Windows sessions, SSH launchers for Unix systems, and web launchers for automatic website logins. You can also build custom launchers.

For detailed information, see:

Secret Folders

Secret folders allow you to create containers for secrets, based on your needs. For example, you can use folders to organize secrets by customers, computers, regions, or branch offices. Folders can be nested within other folders to create sub-categories for each set of classifications. Secrets can be assigned to these folders and sub-folders.

You can customize permissions at the folder level so that each secret in a folder inherits the folder's permissions. Setting permissions at the folder level also ensures that future secrets added to that folder will all have the same permissions, greatly simplifying management across users and groups.

Creating Folders

To create folders, you must have a role with the "administer folder" permission. You also must have edit or owner permission for the parent folder. For detailed information, see Creating Folders.

Moving Secrets Between Folders

To add or move a secret to a folder, you must have edit permission on that folder (either directly or through inheritance). When a secret is moved to a folder, it automatically gets the "Inherit Permissions from folder" setting, even if it had specific permissions before the move.

To move a secret from a folder, you must have edit permission on that secret. If the secret has the "Inherit Permissions from folder" setting enabled, you must have owner permission to move that secret to a new folder.

For detailed information, see Adding and Moving Secrets Between Folders.
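
The move rules above can be modelled to preview who gains access when a secret with specific permissions is moved into a folder. This is an added example, not Delinea code or API: the `Folder` and `Secret` classes, the level names, and the sample users are constructed; folder ACLs are treated as already resolved through inheritance; and the owner requirement is assumed to apply to the secret's effective permissions.

```python
from dataclasses import dataclass, field

# Constructed permission model for illustration; not the Secret Server API.
LEVELS = {"view": 1, "edit": 2, "owner": 3}

@dataclass
class Folder:
    name: str
    acl: dict  # user -> level, assumed already resolved through folder inheritance

@dataclass
class Secret:
    name: str
    folder: Folder
    inherit: bool = False  # "Inherit Permissions from folder"
    acl: dict = field(default_factory=dict)  # specific permissions, used when inherit is False

    def effective_acl(self):
        return dict(self.folder.acl if self.inherit else self.acl)

def has(acl, user, level):
    return LEVELS.get(acl.get(user), 0) >= LEVELS[level]

def can_move(user, secret, target):
    # Moving into a folder requires edit permission on that folder.
    if not has(target.acl, user, "edit"):
        return False
    # Moving out requires edit on the secret, or owner if it inherits from its folder.
    needed = "owner" if secret.inherit else "edit"
    return has(secret.effective_acl(), user, needed)

def move(user, secret, target):
    """Apply the move and return the users whose access was gained or raised."""
    if not can_move(user, secret, target):
        raise PermissionError(f"{user} may not move {secret.name} to {target.name}")
    before = secret.effective_acl()
    # The moved secret is switched to inheritance, dropping its specific permissions.
    secret.folder, secret.inherit, secret.acl = target, True, {}
    after = secret.effective_acl()
    return {u: lvl for u, lvl in after.items()
            if LEVELS[lvl] > LEVELS.get(before.get(u), 0)}

if __name__ == "__main__":
    # Constructed sample data.
    restricted = Folder("Restricted", {"alice": "owner"})
    helpdesk = Folder("Helpdesk", {"bob": "edit", "carol": "view", "dave": "edit"})
    secret = Secret("dc01-admin", restricted, acl={"alice": "owner", "bob": "edit"})
    print("gained access:", move("bob", secret, helpdesk))
```

Running the same comparison before a bulk move shows which secrets would become visible to a wider group once their specific permissions are replaced by the destination folder's.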

Credential Management

The Delinea Platform provides several features for credential management.

Discovery

Discovery is a powerful feature designed to help organizations discover and manage privileged accounts, credentials, and other sensitive information across their IT infrastructure. It enables IT teams to gain visibility into all of their systems, applications, and devices, and identify potential security risks and vulnerabilities.

By scanning and analyzing systems and applications, discovery can detect and classify privileged accounts and credentials, including those that are inactive or hidden. You can automatically find local Windows accounts, Active Directory services, Unix, VMware ESX/ESXi, and Active Directory domain accounts.

For more information about discovery, see the following:

Distributed Engines

Secret Server distributed engines, or simply engines, are a powerful solution that enables organizations to manage privileged access across their entire infrastructure while maintaining security, control, and scalability. Organizations can scale their privileged access management infrastructure to meet the needs of large and distributed environments.

With engines, organizations can distribute the load of managing privileged accounts and credentials, allowing for faster response times and improved performance. They also enable organizations to maintain control over their sensitive data, with each instance of Secret Server being fully auditable and traceable.

For more information about distributed engines, see Distributed Engine Overview.

Remote Password Changing

Secret Server Remote Password Changing (RPC) is a credential rotation feature that enables IT teams to automatically change passwords for privileged accounts on remote systems and devices, without requiring direct access to those systems. This improves security and reduces the risk of security breaches caused by weak or compromised passwords. Organizations can automate changing passwords for privileged accounts on a schedule or in response to specific events. This includes local and domain accounts on Windows, Unix, Linux, and other systems, as well as service accounts, database accounts, and other types of credentials.

For more information about remote password changing, see the following:

Auditing Privileged Account Activity

Secret Server provides a range of features for auditing privileged account activity, including:

  • Advanced Session Recording
  • Audit Logs
  • Alerting and Notifications
  • Reporting

Advanced Session Recording and Management

Secret Server Advanced Session Recording is a feature that allows organizations to monitor and record privileged sessions in real time. It provides an additional layer of security by capturing all user activity during privileged sessions, including commands entered, files accessed, and changes made to the system or application. It also enables IT teams to investigate security incidents and respond quickly to potential threats by providing a detailed record of user activity and enabling them to identify suspicious or unauthorized behavior.

With Advanced Session Recording, organizations can review session recordings for auditing purposes and use advanced search and filtering capabilities to quickly find specific events or actions. They can also configure policies to automatically trigger recording based on specific events or actions and limit access to session recordings to authorized personnel only.

For more information about advanced session recording, see Advanced Session Recording Overview.

Audit Logs

Secret Server auditing is a feature that enables organizations to monitor and record all activities related to privileged accounts and credentials. It provides an additional layer of security by capturing detailed logs of all user activity, including login attempts, password changes, and access to sensitive data. Organizations can review audit logs and use advanced search and filtering capabilities to quickly find specific events or actions. Audit information is primarily available through reports and alerts. For more information, see Secret Audit Log.

Alerts

Secret Server provides a range of alerts that can be configured to notify administrators of specific events or actions related to privileged accounts and credentials. Administrators can configure the alerts to be sent by email, SMS, or through a third-party system, and can set up different alerts for different users or groups. This helps organizations respond to potential security threats in real time and ensure that their privileged accounts and credentials are being used appropriately.

For more information, see:

Built-in Reports

Secret Server includes many preconfigured reports that you can run or use as templates for creating custom reports.

For more information, see: