Deactivating and Reactivating Secrets

Deactivating (previously called "deleting") a secret is not the same as erasing one—the former hides it but it can still be viewed or undeleted by administrators—the latter is a permanent removal of data and requires more effort, including an access request. Deleting secrets is common. Erasing them is rare, only needed in special circumstances. See Erasing Secrets for details.
We strongly recommend against deactivating or erasing large numbers of secrets, both of which negatively affect performance over time. Secret Server is not a transactional system—it is not designed to handle large numbers of deactivations or erasures. Deactivated or erased secrets continue to use database table resources forever. Even erased secrets leave a database record even though the secret data is permanently deleted. Erasure is for regulatory compliance and not database clean up.

To deactivate a secret:

  1. Navigate to the secret View page by searching or drilling down the folder tree.

  2. Click the Options dropdown list and select Deactivate. A confirmation appears.

  3. Click the Confirm Deactivate button.

  4. The secret is logically deleted and hidden from users who do not have a role containing the View Inactive Secrets permission.

    Secret Server uses deactivations to maintain the audit history for all data. However, deactivated secrets are still accessible by administrators (like a permanent Recycle Bin) to ensure that audit history is maintained and to support recovery. A user must have the View Inactive Secrets permission in addition to Owner permission on a secret to access the secret View page for a deactivated secret. For more information about these permissions, see Roles and Sharing Secrets.

To reactivate a secret:

  1. Navigate to the secret view page.
  2. Click the Active menu link and select Inactive. The secret list now shows inactive secrets.
  3. Click the name link for the desired secret. Its secret page appears.
  4. Click the Options button and select Activate.
Secrets can also be deactivated and reactivated in bulk. See Running Dashboard Bulk Operations.