Sharing Secrets

Sharing passwords is crucial for information technology teams. Due to the sensitive nature of sharing secure information, Secret Server ensures shared passwords are tracked and guarded.

Permissions

There are three permission levels to choose from when sharing secrets with another user or group:

  • View: User may see all secret data, such as username and password, and metadata, such as permissions, auditing, history, and security settings.
  • Edit: User may edit the secret data. Also allows users to move the secret to another folder unless the Inherit Permissions from Folder setting is turned on, in which case the user needs Owner permissions to move the secret.
  • List: User may see the secret in a list, such as a list returned by running a search, but may not view any more details about the secret or edit it.
  • Owner: User may change all the secret's metadata.
Password text-entry fields are not visible if a secret has a launcher and the Hide Launcher Password setting is on or the user does not have the View Launcher Password role permission. See the table below.

Secrets can be shared with either groups or individual users. The Secret Sharing section allows secrets to be configured for access.

Password Visibility

Password visibility in the password text box depends on secret access permission, role permissions, and secret security policy settings. The following table shows the possible combinations and their password visibility result.

Table: Password Visibility Determinants

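| Secret Access Permission | View Launcher Password Role Permission | Hide Launcher Password Policy Setting | Password Visible |
|---|---|---|---|
| Owner | No | On | No |
| Owner | Yes | On | Yes |
| Owner | Yes | Off | Yes |
| Owner | No | Off | Yes |
| Edit | Yes | On | No |
| Edit | No | On | No |
| Edit | Yes | Off | Yes |
| Edit | No | Off | Yes |
| View | Yes | On | No |
| View | No | On | No |
| View | No | Off | No |
| View | Yes | Off | Yes |
| List | Yes | On | No |
| List | No | On | No |
| List | Yes | Off | No |
| List | No | Off | No |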
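
For access reviews, the 16 rows of the table above reduce to one rule per access permission. The following is an added example, not Secret Server code or its API: it encodes those rules and reports which sharing entries expose the password now and which would still expose it with Hide Launcher Password turned on. The `Share` type, the function names, and the sample principals are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Share:
    principal: str          # user or group the secret is shared with
    access: str             # "Owner", "Edit", "View" or "List"
    view_launcher_pw: bool  # has the View Launcher Password role permission
    hide_launcher_pw: bool  # Hide Launcher Password policy setting is On


def password_visible(s: Share) -> bool:
    """Rules condensed from the Password Visibility Determinants table."""
    if s.access == "Owner":
        # Hidden only when the policy is On and the role permission is missing.
        return s.view_launcher_pw or not s.hide_launcher_pw
    if s.access == "Edit":
        # Only the policy setting matters for Edit.
        return not s.hide_launcher_pw
    if s.access == "View":
        # Needs the role permission and the policy Off.
        return s.view_launcher_pw and not s.hide_launcher_pw
    if s.access == "List":
        return False
    raise ValueError(f"unknown access permission: {s.access!r}")


def review(shares):
    """Return (principals who see the password now,
    principals who would still see it with the policy On)."""
    now = [s.principal for s in shares if password_visible(s)]
    hardened = [s.principal for s in shares
                if password_visible(replace(s, hide_launcher_pw=True))]
    return now, hardened


# Constructed sharing entries for one secret (all names are made up).
SAMPLE = [
    Share("ops-admins", "Owner", True, False),
    Share("dba-team", "Edit", False, False),
    Share("helpdesk", "View", True, False),
    Share("auditors", "View", False, False),
    Share("contractors", "List", True, False),
]

if __name__ == "__main__":
    now, hardened = review(SAMPLE)
    print("password visible today:      ", now)
    print("still visible with policy On:", hardened)
```

With the policy on, only Owners who also hold the View Launcher Password role permission keep password visibility, which is the first thing to check when reviewing who a secret is shared with.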

Procedure

To add or remove secret sharing:

To simplify the sharing process, new secrets automatically inherit the settings from the folder they are stored in. That is, we enable the Inherit Permissions from Folder check box on the Sharing Edit page by default, so secrets inherit all the parent folders' sharing settings. As long as this check box is selected, you cannot set the permissions for the secret. For more on folder security, see the Folders section.
If you are integrated with Delinea Platform and not restricted by teams, and you have the Administer Platform Integration or Add From External Directory permission, you will see an "Add From External Directory" toggle. Enabling that toggle lets you search directories connected via Delinea Platform and add new users or groups when sharing secret permissions.
  1. View the secret you want to share.

  2. Click the Sharing tab.

  3. Click the Edit link. The page becomes editable.

  4. Uncheck any existing permission you want to delete on Save.

  5. Type any user or group you want to share with in the Add Groups / Users search text box.

  6. When the user or group appears in the dropdown list, click to select it. The user or group appears in the Shared with table.

  7. Click the unlabeled permission dropdown list box to select the desired permission.

  8. Repeat the process for additional users or groups.

  9. Click the Save button to commit the changes.

  10. Clicking Cancel will undo any changes, and clicking Save will apply all pending changes.

You can also modify sharing settings for users or groups that already have sharing enabled for the secret. If a user or group is not displayed, they do not have access to the secret.