Integrating StrongDM with Secret Server
The StrongDM integration with Delinea Secret Server lets organizations use Secret Server as a centralized secret store for credentials that StrongDM relays and gateways need to authenticate to downstream resources (databases, servers, Kubernetes clusters, web apps, and more). Credentials remain inside Secret Server, they are never transmitted to or stored by StrongDM. When a user connects to a StrongDM resource, the gateway or relay authenticates to the credential source, fetches the required secret in real time, and then establishes the proxied session to the target resource.
The integration supports all three Delinea deployment models:
-
Secret Server On-Premises: configured via the
DELINEA_SERVER_URLenvironment variable on the StrongDM gateway/relay, or via the Server Address field in the StrongDM Admin UI. Authenticates with a Secret Server Application Account user. -
Secret Server Cloud: configured via the
DELINEA_API_TENANTenvironment variable on the StrongDM gateway/relay, or using the Tenant Name field in the StrongDM Admin UI (tenant taken from the Secret Server Cloud URL. For example fromhttps://example.secretservercloud.com). Authenticates with a Secret Server Application Account user. -
Delinea Platform (available since May 2026): native Platform authentication. The StrongDM relay or gateway can now use a service user created on the Delinea Platform (not on Secret Server) to authenticate against the Platform OAuth2 token endpoint, and then call Secret Server APIs from the Platform using that same token. This eliminates the need to maintain a separate Secret Server-local application account when running on the Platform.
Use Cases
This integration supports the following use cases:
-
Centralized credential storage: Keep all StrongDM-brokered resource credentials in Secret Server. Credentials never leave the customer’s infrastructure.
-
Reduce standing privilege: Combine Secret Server vaulting and rotation with StrongDM’s just-in-time, real-time access control across hybrid and cloud environments.
-
Unified PAM for human and machine identities: One vault for human admins, DevOps pipelines, and AI agents accessing protocol-level resources through StrongDM.
-
Seamless upgrade: Existing StrongDM + Secret Server integrations continue working through Platform migration when the same application account is preserved.
For more information about this integration, see the following topics: