Creating or Editing Secret Templates

Editing Secret Templates

  1. Select Admin > Secret Templates. The Secret Templates page appears:

  2. Click the template name in the Secret Templates column. That template's page appears:

  3. Click the desired tab for the configuration you want to change. See the Creating or Importing a New Template section for details.

Creating or Importing a New Template

Task 1: Creating the Template

  1. Select Admin > Secret Templates. The Secret Templates page appears:

  2. Click the Create Template button. The Create Template pop-up page appears:

  3. If importing the template, click to select the Import XML selection button.

  4. Type the name of the new template in the Template Name text box.

  5. Click the Save button. The new template's setup page on the General tab appears:

    The page provides all the options for configuring a secret template, as well as which text-entry fields appear on any secret created from that template.

Task 2: Adding General Settings and Setting an Expiration or One-Time Password

  1. On the General tab, click the Edit link in the Template Settings section. The section becomes editable:

  2. Edit the settings as desired. They include:

    • Secret Template Name text box.
    • Name Pattern text box. See Template Naming Patterns.
    • Description: An optional description for the template.
    • All History check box: If this check box is enabled, Secret Server keeps all entries for viewing. This feature creates a record of every name used when a new secret is created.
    • Secret name History Length text box: If All History is disabled, Secret Server keeps this number of entries for viewing.
    • Validate Password Requirements on Create? check box: Ensure requirements are met on secret creation.
    • Validate Password Requirements on Edit? check box: Ensure requirements are met when editing a secret.

  3. Click the Save button.

  4. Click the Edit link for the Template Expiration section:

    Secret expiration applies to one field of a secret template (most commonly the password field) and may trigger a password change for that secret if auto-change is enabled for RPC.

  5. Click to select the Expiration Enabled? check box. New controls appear:

  6. Type the number of days until expiration in the Days until Expiration text box.

  7. Click the Change Required On dropdown list to select the field the expiration is applied to.

  8. Click the Save button.

  9. Secret Server begins providing alerts if the secret text-entry field is not changed within the specified expiration requirements.

  10. Click the Edit link for the One Time Password section if you want the secret to have a one-time password that the user must change:

  11. Click to select the One Time Password Enabled check box. Additional controls appear:

  12. Type or select the options.

  13. Click the Save button.

Task 3: Defining Fields for the Template

Click the Fields tab to add template fields as desired. See Secret Template Fields.

To use a custom SSH RPC port, add a field named "Port" to your secret template. Empty port fields are equivalent to the default port, 22.

Task 4: Mapping Launchers and RPC Type

  1. Click the Mapping tab to configure launchers and RPC:

  2. Click the Edit link in the Password Changing section to enable RPC on secrets based on this template. This enables heartbeat and RPC, and configures the password changer type and fields. For details, see Remote Password Changing.

  3. Click the Add Mapping button to add a secret launcher or extended mapping. The Add Mapping popup appears:

  4. Click the Mapping Type combination list to search for or select a mapping type:

    Launchers:

    • Batch Launcher
    • Custom PowerShell Launcher
    • IBM iSeries Launcher
    • Notepad
    • PowerShell Launcher
    • PuTTY
    • PuTTY With Port Prompt
    • Remote Desktop
    • Secure CRT (Proxied)
    • Secure CRT Proxied Process
    • Secure CRT Proxied with Van Dyke File Path
    • SQL Server Launcher
    • Sybase iSQL Launcher
    • Ultra VNC

    Website Logins:

    • OATH Secret Key
    • Regex List
    • Remote Server SSH Key for Validation
    • SSH Private Key
    • Username and Password
    • z/OS Launcher

    The popup changes to accommodate your choice. For example, for a Web server:

    A secret launcher launches applications on other machines and automatically logs on using credentials stored in Secret Server. In general, there are three types of launchers: RDP, SSH, and Custom. In addition to user convenience, launchers remove the need for users to know their passwords: a user can still gain access to a needed machine without having to view or copy the password out of Secret Server. A Web launcher automatically logs into websites using the client's browser.

  5. Click to select from, or type to search, the desired dropdown lists.

  6. Click the Save button.

Task 5: Adding Permissions

  1. Click the Permissions tab:

    This defines who can create secrets of this type or manage this secret template.

  2. Click the Add button. The Users popup appears:

  3. Type the name of the user or group you want to add in the Search text box. Note that the groups are by domain.

  4. Click to select the check box for each user or group you want to add.

  5. Click the Add button. The selected users or groups appear on the Permissions tab:

  6. Click the dropdown list next to each to define if the user or group has the Template Create Secret or Template Owner permission. More than one owner is allowed.

  7. Click the Save button. The users or groups now appear in a small table, along with their roles (permissions).

  8. To remove a user or group:

    1. Click the Edit link for the Secret Template Permissions section. The table of users and groups disappears, and the dropdown lists reappear.
    2. Click the dropdown list for the user or group you want to delete and select <None>.
    3. Click the Save button.

Task 6: Viewing the Template's Audit Trail

  1. Click the Audit tab to view activity on the secret template:

    You cannot drill down on the entries, but you can define what columns to see by clicking the slider icon on the right. You can also click the download icon to download a text file version of the table:

Settings for Specific Template Types

Oracle Account as SYS

Settings for an Oracle Account secret template to work with Oracle connecting as SYS in SysDBA:

  • Set Oracle Account as the type.

  • Set Oracle Account (AS SYS) as the password type.

  • Create a secret based on the new template to test the template.

SQL Windows Authentication Account Secret Template and Launcher

Settings for an Active Directory template that is specifically for SQL:

You can copy the existing AD template that you have. However, if you copy an existing template that has launchers attached to it, you may need to delete those launchers on the newly created template.

  • Set Active Directory as the type.

  • If necessary, create a field called Server.

  • Add the following parameters for Windows settings (see Creating Custom Launchers):

    • Name: SQL Server Launcher - Windows Authentication
    • Active: Yes
    • Process Arguments: -E -S $Server ($Server should match the field name you created or observed earlier)
    • Run Process as Secret Credentials: Yes
    • Load User Profile: Yes
    • Use Operating System Shell: No
    • Use Additional Prompt (in General Settings): No
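
A pre-flight check for the token rule above, added here as an example (it is not Delinea's code): it lists the `$` tokens in a launcher's Process Arguments that have no matching field on the template, and previews the expanded arguments only when every token resolves. The token syntax and the case-insensitive name matching are assumptions inferred from the `-E -S $Server` setting, and the field lists and host name are constructed sample data.

```python
import re

# Assumption: a token is "$" plus a field name, as in "-E -S $Server".
TOKEN_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")


def launcher_tokens(process_arguments):
    """Return the distinct $tokens in a Process Arguments string, in order."""
    seen = []
    for name in TOKEN_RE.findall(process_arguments):
        if name not in seen:
            seen.append(name)
    return seen


def unmatched_tokens(process_arguments, template_fields):
    """Tokens with no same-named template field (case-insensitive: assumption)."""
    known = {f.strip().lower() for f in template_fields}
    return [t for t in launcher_tokens(process_arguments) if t.lower() not in known]


def preview_arguments(process_arguments, secret_values):
    """Expand tokens from a secret's field values; fail closed on a mismatch."""
    missing = unmatched_tokens(process_arguments, secret_values)
    if missing:
        raise ValueError("no template field for: " + ", ".join("$" + t for t in missing))
    values = {k.strip().lower(): v for k, v in secret_values.items()}
    # A function replacement inserts the value literally (no escape handling).
    return TOKEN_RE.sub(lambda m: values[m.group(1).lower()], process_arguments)


# Constructed sample data: field names of a copied AD template before and
# after adding the Server field, plus the page's Process Arguments value.
ARGS = "-E -S $Server"
COPIED_AD_FIELDS = ["Domain", "Username", "Password", "Notes"]
SQL_TEMPLATE_FIELDS = COPIED_AD_FIELDS + ["Server"]

if __name__ == "__main__":
    print(unmatched_tokens(ARGS, COPIED_AD_FIELDS))     # Server field missing
    print(unmatched_tokens(ARGS, SQL_TEMPLATE_FIELDS))  # all tokens resolve
    print(preview_arguments(ARGS, {"Server": "sql01.example.test"}))
```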