Configuring Secret Server
To configure Secret Server for the integration with Qualys, complete the following steps in the specified order:
- Step 1: Creating an Application Account in Secret Server. You must specify the name of the application account in the Secret Server vault record. This vault record provides information for accessing your Secret Server instance.
- Step 2: Creating a Secret in Secret Server. In the secret, you must provide the credentials to be used for authentication during scans.
Step 1: Creating an Application Account in Secret Server
The integration requires an application account in Secret Server. The application account is part of the information that Qualys uses to access your Secret Server instance. If you don't have an application account, you can create one. For more information about creating an application account, see Managing Local Accounts in the Secret Server documentation.
The application account must have a role with the View Launcher Password on Secrets and View Secret permissions in Secret Server. The following procedure describes how to create a role with these permissions and how to assign the role to the application account.
To create a role with the required permissions and assign it to the application account:
1. In Secret Server, navigate to Access > Roles.
2. Select Create role.
3. In the Create role dialog, provide a name and an optional description for the new role, and select Save.
4. Go to the Permissions tab for the role.
5. Select Edit and in the Scope dropdown list, select All.
6. Search for the View Launcher Password on Secrets permission by using the search box at the top.
7. Select the checkbox next to the permission name and select Save.
8. Repeat steps 6–7 to add the View Secret permission to the role.
   The Permissions tab shows the permissions added to the role.
9. Assign the role to the application account:
   - Navigate to Access > Users.
   - On the User management page, search for and select the application account.
   - On the user page, go to the Roles tab and select Edit.
   - In the window that appears below, search for and select the role that you created and select the checkbox next to the role name.
   - Select Save.
Step 2: Creating a Secret in Secret Server
You must create a secret in Secret Server to store the credentials that you want to use for authentication during scans. You must share the secret with the application account that you created for the integration to enable the retrieval of the credentials from the secret.
To create a secret and share it with the application account:
1. In Secret Server, select Secrets > All secrets.
2. In the Create new secret dialog, do the following:
   - (Optional) Change the default folder.
     Make sure that the application account has the View permission for the folder. For more information about folder permissions, see Folder Permissions in the Secret Server documentation.
   - Under Choose a secret template, select the template from which to create a secret. You can use any template that fits your needs.
   - Enter a name for the secret and the username and the password to store in the secret.
   - Provide values for the other secret fields according to the template.
   - Select Create secret.
3. Share the secret with the application account:
   - Go to the Sharing tab of the secret's page.
   - Select Edit in the upper-right corner.
   - Clear Inherit permissions.
   - Search for the application account by using the search box at the top.
   - Select the check box to the left of the application account name and then select View in the dropdown list under Secret Permissions.
   - Select Save.
Step 3: Enabling Web Services in Secret Server
The integration requires that web services be enabled in Secret Server to access Secret Server over HTTP or HTTPS.
To enable web services in Secret Server:
1. In Secret Server, navigate to Settings > All settings > Configuration.
2. Under General, select Application.
3. On the Application page, if Enable webservices is set to No, select Edit and then select the Enable webservices checkbox.