DoubleLocks

Secret Server's doublelock is a feature that provides an additional security layer by protecting secret data using asymmetric encryption (a public/private key pair) where the private key is a human-generated password. This feature is independent of regular permissions, Secret Server login access, or physical access to the machine running Secret Server.

A shortcut way of thinking about doublelocks is as an extra password for secrets that is held by a set group of users. In addition, both the password and the group of users are reusable for other secrets.