Secret Launchers and Protocol Handlers

A secret launcher launches applications on end-user machines and automatically logs on using credentials stored in Secret Server. In general, there are three types of launchers: RDP, SSH, and Custom. This provides a convenient method to open RDP and PuTTY connections, and it also removes the need for users to know their passwords: a user can still gain access to a needed machine but is not required to view or copy the password out of Secret Server. A Web launcher automatically logs into websites using the client's browser.

A protocol handler is an application on an end-user's machine. It enables communication between Secret Server and that client machine. It also provides the files needed by launchers. When a Secret Server user starts a launcher:

  1. The protocol handler bootstraps the client-side application.

  2. The protocol handler communicates with Secret Server over HTTP(S) to ensure that it is the latest version. If not, it begins an upgrade process.

  3. The protocol handler bootstraps the target launcher type and begins the process of securely logging in the user. Beyond HTTP(S) transport protection, credentials are retrieved securely from Secret Server using signed AES-256-encrypted messages.