Configuring Secret Server as a Vault in Qualys
You must configure Secret Server as a vault within Qualys by specifying the Secret Server URL and the credentials to access your Secret Server instance.
Instead of manually adding the user name and password for use in trusted scans, the administrator can point to named records stored in Secret Server, and Qualys will retrieve the credentials from Secret Server at scan time.
Adding a New Authentication Vault in Qualys
- Navigate to Scans > Authentication > New > Authentication Vaults.
- Select Secret Server as the vault type.
- Enter the following information to enable Qualys to access your Secret Server instance:
  - URL: The URL of your Secret Server instance.
    Add /sswebservices/sswebservice.asmx to your Secret Server URL to obtain the URL for the web services, like this: https://yoursecretserver/secretserver/webservices/sswebservice.asmx.
    If you do not have SSL enabled, the web services can still be accessed via http, but it is not advisable for production systems. The vault is accessed from the scan agent, so the Secret Server website must be reachable from the Qualys scanner appliance—not the Qualys cloud instance.
  - User Name: The user account for accessing Secret Server. This user account must be the application account that you created for the integration in Secret Server. Ensure that this username is the same as the secret's username.
- Go to Advanced and select the Application Account checkbox.
- Select Save.