Secret Server Glossary
Table: Terms and Definitions
Term | Definition | Description |
---|---|---|
2FA | Two-Factor Authentication | A security process in which a user provides two different authentication factors to verify their identity. Typically, this includes something they know (like a password) and something they have (such as a mobile device with a verification code). |
AAD | Azure Active Directory | A cloud-based identity and access management service by Microsoft that allows users to sign in and access multiple resources such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications. |
AC | Access Control | The process of granting or denying specific authorization to access data, functions, and other computer resources. It ensures that users access only what they are allowed to and prevents unauthorized users from accessing sensitive information. |
Access Offline Secrets on Mobile | Role permission: Allows a user to cache their Secrets in the Secret Server mobile application for offline use. This permission does not automatically come with the Administrator role. | |
Access Request | The access request feature allows a secret to require approval prior to accessing the secret. | |
Access Request Workflows | See Workflows. | |
Account Lifecycle Manager (ALM) | Account Lifecycle Manager (ALM) controls the creation, management, and decommissioning of Active Directory Service Accounts running on your organization’s network. | |
ACE | Access Control Entry | A part of an access control list that specifies the user or group permissions for a specific object, such as a file or directory. |
ACL | Access Control List | A list of permissions attached to an object that specifies which users or system processes can access that object and what operations they can perform. |
ACS | Access Control Server | A server used to authenticate and authorize users. It typically integrates with network access devices and identity databases to provide access control services. |
Active Directory Account | Built-in secret template. | |
AD | Active Directory | A Microsoft technology used to manage computers and other devices on a network. It includes a range of services, such as LDAP directory services and Kerberos-based authentication. |
Add Secret | Role permission: Allows a user to create new Secrets. The Add permission no longer includes the role permission View Secret. | |
Add Secret (Folder Permission) | Allows the user to add a secret in that folder. Does not grant access to the added secret. | |
Add Secret Custom Audit | Role permission: Allows a user to make a custom audit entry when accessing a Secret using the web services API. | |
ADFS | Active Directory Federation Services | A software component developed by Microsoft that provides single sign-on (SSO) to authenticate a user in multiple web applications in a single session. |
ADGUID | Active Directory Globally Unique Identifier | A unique identifier used within Microsoft's Active Directory for objects. |
ADM | Administrator | |
Administer Active Directory | Role permission: Allows a user to view domains, edit existing domains, delete domains, and add new domains. Also allows a user to force synchronization or set the synchronization interval. | |
Administer Automatic Export | Role permission: The user can do everything the other automatic export permissions allow and edit the automatic export configuration. | |
Administer Backup | Role permission: Allows a user to view and configure automated backups for Secret Server. Users with this role permission can change the backup path, disable backups, and set the backup schedule. | |
Administer Configuration | Role permission: Allows a user to view and edit general configuration options. For example, a user with this role permission can turn on "Force HTTPS/SSL" and disable "Allow Remember Me". | |
Administer Configuration Proxying | Role permission: Allows a user to view and edit SSH Proxy settings. | |
Administer Configuration SAML | Role permission: Allows a user to view and edit SAML integration settings on the Login tab of Configuration settings. | |
Administer Configuration Security | Role permission: Formerly "Administer Security Configuration," allows a user to view and edit security configuration options in Secret Server. Currently, these include enabling FIPS compliance mode and protecting the encryption key. | |
Administer Configuration Session Recording | Role permission: Allows a user to view and edit session recording settings on the Session Recording tab of Configuration settings. | |
Administer Configuration Two Factor | Role permission: Allows a user to change the configuration settings of the two factor authentication that are available for users logging into Secret Server. | |
Administer Configuration Unlimited Admin | Role permission: Formerly "Administer Unlimited Admin Configuration," allows a user to turn on Unlimited Admin Mode. When this mode is enabled, users with the "Unlimited Administrator" role permission can view and edit all Secrets in the system, regardless of permissions. Note that you can assign "Administer Unlimited Admin Configuration" to one user and "Unlimited Administrator" to another user. This would require one user to turn on the mode and another user to view and edit secrets. | |
Administer ConnectWise Integration | Role permission: Allows a user to view and edit configuration options for synchronizing with ConnectWise. This can be accessed through the "Folder Synchronization" link on the Administration page. Note that you need at least view access on the sync folder in order to set up or edit the ConnectWise integration. | |
Administer Create Application Accounts | Role permission: Formerly "Create Application Account", allows a user to create application user accounts to be used exclusively for accessing Secret Server via the API. | |
Administer Create Users | Role permission: Allows a user to create new local users in Secret Server, but not edit them once created. | |
Administer Custom Password Requirements | Role permission: Allows a user to view and edit custom password requirements that can be configured under the Security tab for individual Secrets. | |
Administer Data Retention | Role permission: Can manage audit data retention, such as editing and running now. This permission does not automatically come with the Administrator role. | |
Administer DevOps Secrets Vault Tenants | Role permission: Add, remove, and edit DSV tenants that automatically synchronize with Secret Server on a schedule. | |
Administer Disaster Recovery | Role permission: Allows a user to configure instances as data sources or replicas for Disaster Recovery. Also allows a user to initiate or test Data Replication and view related logs and audits. | |
Administer Discovery | Role permission: Allows a user to view and import computers and accounts that are found by Discovery. | |
Administer Distributed Engine Configuration | Role permission: Allows a user to update the Distributed Engine configuration. | |
Administer DoubleLock Keys | Role permission: Allows a user to view, edit, create, and disable DoubleLock keys. A DoubleLock key acts as a separate encryption key to protect your most sensitive secrets. This option allows users to access and use the "DoubleLocks" link on the Administration page. | |
Administer Dual Control | Role permission: Allows a user to view, edit, create, and disable Dual Control settings for reports and recorded sessions. | |
Administer Event Subscriptions | Role permission: Allows a user to view, edit and create event subscriptions. | |
Administer Export | Role permission: Allows a user to view the export log. Also allows users to export Secrets to which they have access to a clear-text CSV file. | |
Administer Folders | Role permission: Allows a user to view, edit, create, move, and delete folders. Users still need the relevant view, edit, and owner permissions on the folders to perform these tasks. | |
Administer Groups | Role permission: Allows a user to view, edit, create, and disable groups. Also allows users to assign users to groups and remove users from groups. | |
Administer HSM | Role permission: Allows a user to change configuration or disable the use of a Hardware Security Module (HSM). | |
Administer Inbox | Role permission: Administer notification settings for the inbox. | |
Administer IP Addresses | Role permission: Allows a user to create, edit, and delete IP Address Ranges. These ranges are used to restrict certain users to specific IP Addresses. | |
Administer Jumpbox Route | Role permission: Allows a user to create, edit, or deactivate jump server routes. | |
Administer Key Management | Role permission: Allows a user to enable, change, or disable the Key Management (Secret Server Cloud only). | |
Administer Languages | Role permission: Allows a user to change the default language of Secret Server. | |
Administer Licenses | Role permission: Allows a user to view, edit, install, and delete licenses. | |
Administer Lists | Role permission: Add, remove, and modify lists and list contents in Admin > Lists. | |
Administer Metadata | Role permission: Manage metadata fields and sections added to secrets and users in Secret Server. | |
Administer Nodes | Role permission: Allows a user to view and edit server nodes and clustering settings. | |
Administer OpenID Connect | Role permission: Allows a user to manage OpenID connections. | |
Administer Password Requirements | Role permission: Allows a user to view and edit character sets and password requirements. | |
Administer Pipelines | Role permission: Allows a user to create, edit, and remove event pipelines and event pipeline policies. | |
Administer Platform Integration | Role permission: Allows a user to manage the Secret Server connection to the Delinea platform. | |
Administer Remote Password Changing | Role permission: Allows a user to turn Heartbeat and Remote Password Changing on and off globally. Also allows users to create new password changers and install password changing agents on remote machines. | |
Administer Reports | Role permission: Allows a user to view, edit, delete, and create reports. Also allows users to customize report categories. | |
Administer Role Assignment | Role permission: Allows a user to view which users and groups are assigned to which roles. Also allows users to assign users and groups to different roles. | |
Administer Role Permissions | Role permission: Allows a user to view, edit, create and delete roles. Also allows users to assign different permissions to each role. | |
Administer Scripts | Role permission: Allows a user to view, edit, and add PowerShell, SQL, and SSH scripts on the Scripts Administration page. | |
Administer Search Indexer | Role permission: Allows a user to view and edit search indexer options. These options control how searching in Secret Server works. For example, a user with this role permission could enable search indexing, which allows users to search on fields within a secret. | |
Administer Secret Policy | Role permission: Allows a user to create and edit Secret Policies. | |
Administer Secret Templates | Role permission: Allows a user to view, edit, disable, and create Secret Templates. | |
Administer Security Analytics | Role permission: Allows a user to view and edit the settings for Privilege Behavior Analytics. | |
Administer Session Monitoring | Role permission: Allows a user to view and terminate active launcher sessions. | |
Administer SSH Menus | Role permission: Allows a user to edit and create SSH Menus, used in allowlisting commands that can be used on an SSH session. | |
Administer System Log | Role permission: Allows users to view and clear the System Log, which shows general diagnostics information for Secret Server. | |
Administer Teams | Role permission: Users can create, delete, and view all teams. | |
Administer Template Custom Columns | Role permission: Allows a user to enable the "Expose for Display" setting of a Secret template field to make it available for use in Dashboard custom columns. | |
Administer Users | Role permission: Allows a user to create, disable, and edit users in the system. This permission also allows a user to create and edit SDK/CLI rules. | |
Administer Workflows | Role permission: Allows users to manage workflows (advanced access management). | |
Administration Side Panel | The administration side panel and page is a control panel for administering Secret Server. | |
Administrator | Administrator is a default role that comes preconfigured with Secret Server. Roles control access to features within Secret Server. This role can be customized to have different permissions. In this guide, administrator (lowercase) is used when referring to users who manage the system and have control over global security and configuration settings. Note that administrators in Secret Server do not automatically have access to all data stored in the system; access to data is still controlled by explicit permissions on that data. | |
ADMX | Administration XML | An ADMX file is a Group Policy Administrative Template file used with the Group Policy Management Console (GPMC) in Microsoft Windows operating systems. “.admx” is the file extension. The file format is XML-based and replaces the older ADM format, which was used in earlier versions of Windows. |
ADS | Advanced Directory Services Integration | Allows Secret Server to integrate with Active Directory for user authentication and management. |
ADSI | Active Directory Service Interfaces | A set of COM interfaces used by Windows to interact with and manage Active Directory. |
Advanced Import | Role permission: Allows a user to import Secrets from an XML file. Users with this permission can import groups, folders, site connectors, sites, and secret templates, without having to create a secret. Users must have the Secret Server permissions needed for the objects listed in the XML. | |
Advanced Session Recording | Advanced Session Recording (ASR) is a licensed feature of Secret Server that adds capabilities to those offered by basic session recording. You install the Advanced Session Recording Agent (ASRA), which uses the Remote Desktop Protocol, on any client machine where you want more information from the sessions recorded. | |
Advanced Session Recording Agent | The session recording software on a user's computer that performs ASR. | |
AES | Advanced Encryption Standard | A symmetric encryption algorithm widely used across the globe. |
AES128 | 128-bit AES | |
AES192 | 192-bit AES | |
AES256 | 256-bit AES | |
AIX | IBM's Unix operating system | |
AJAX | Asynchronous JavaScript and XML | A set of web development techniques using various technologies to create asynchronous web applications. |
All Secrets | All Secrets is a master table of the secrets stored on Secret Server. It is a one-stop, searchable location for examining the status and properties of secrets. It is a supplement to, not a replacement for, the secret folder tree. It lists, and lets you sort by, secret template, heartbeat status, sync status, machine, access date, username, and much more. You can customize which characteristics are displayed. | |
Allow Access Challenge | Role permission: Allows a user to be challenged by Privileged Behavior Analytics if their behavior deviates from their normal behavior and meets certain requirements set by Privileged Behavior Analytics. Administrators do not have this permission by default. | |
Allow List Secret Access for Assigning Policy | Role permission: Allows users with list access to a secret to assign policies. Users need the view permission if they do not have this one. | |
ALM | Account Lifecycle Manager | See Account Lifecycle Manager. |
Amazon IAM Console Password | Built-in secret template. | |
Amazon IAM Key | Built-in secret template. | |
AMQP | Advanced Message Queuing Protocol | A protocol that enables client applications to communicate with middleware brokers. |
ANSI | American National Standards Institute | A private non-profit organization that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the U.S. |
APAC | Asia Pacific region | A geographic region comprising East Asia, South Asia, Southeast Asia, and Oceania. |
API | Application Programming Interface | A set of protocols and tools for building software and applications. |
APM | Application Performance Monitoring | The practice of monitoring software application performance to ensure quality and detect issues. |
Application Dashboard | The main page for searching and viewing secrets. You access it by clicking the Dashboard menu item. | |
Approve via Duo Push | Role permission: Allows a user to approve access requests via Duo push notifications. Administrators do not have this permission by default. | |
ARCFOUR | Alleged RC4 cipher | A stream cipher that was used in TLS prior to TLS 1.2. |
ARGV | Argument Vector | Represents command-line arguments that are passed to a program. |
ARN | Amazon Resource Name | A unique identifier for AWS resources, allowing for easy identification and interaction within AWS. |
AS400 | IBM mid-range server brand | Refers to IBM's range of mid-sized servers, now known as IBM i. |
ASA | Adaptive Security Appliance | A security device from Cisco that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. |
ASCII | American Standard Code for Information Interchange | A character encoding standard for electronic communication. |
ASHX | A web file extension used with Microsoft's ASP.NET, the open-source web framework for .NET, for handling HTTP requests. | |
ASP | Advanced Server Pages | Microsoft's server-side script engine for dynamically generated web pages. |
ASPNET | ASP.NET, an open-source web framework for .NET | A framework for building dynamic web sites, applications, and services. |
ASR | Advanced Session Recording | A feature that records user sessions for monitoring or compliance purposes. |
ASRA | Advanced Session Recording Agent | A component responsible for capturing the data needed for session recording. |
Assign Pipelines | Role permission: Allows the user to assign an event pipeline policy to secret policies or folders. | |
Assign Secret Policy | Role permission: Allows a user to assign Secret Policies to folders and secrets. | |
Automatic Secret Export | This feature allows you to automatically export secrets on a schedule to an external location in an encrypted, password-protected archive. | |
Automatic Sudo or Su Privilege Elevation | A convenience feature that eliminates the need to manually enter a su or sudo command's password when using a proxied SSH session to a Unix or Linux server. When a user manually types a su or sudo command with a valid secret ID, the SSH proxy automatically provides the username and password to use. The user does not need to know either. | |
AWS | Amazon Web Services | A subsidiary of Amazon providing on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. |
Azure AD Account | Built-in secret template. | |
Bank Account | Built-in secret template. | |
Basic Session Recording | Basic session recording is a licensed feature in Secret Server. It relies on the protocol handler configured on client machines through Secret Server's launcher. Using the launcher, Secret Server captures second-by-second screenshots on the client machine during a user's recorded session. These images of the user's screen are compiled into a video that can be downloaded and played back for auditing and security purposes. Activity recorded in the session is based on screen changes only. | |
BLOWFISH | An encryption method where the same key is used for both encrypting and decrypting the data. | |
BMC | Business Machine Code | Machine code or instructions used to operate business machinery such as mainframe computers. |
Browse Reports | Role permission: The "Browse Reports" role allows access to reports restricted by permissions. Permissions are configurable at the category and report levels and share a similar inheritance model to secrets and folders. You can define users or groups with "view" or "edit" permissions for each category or report. | |
BSD | Berkeley Software Distribution | A Unix operating system derivative developed and distributed by the Computer Systems Research Group at the University of California, Berkeley. |
Bypass Direct API Authentication Restriction | Role permission: Allows users to ignore the PreventDirectApiAuthentication advanced setting and log in via the API with a non-application account. | |
Bypass SAML Login | Role permission: Allows a user to log in with a local account without using SAML. | |
CA | Certificate Authority | An entity that issues digital certificates used to verify the identity of the certificate holder and provide the public key necessary to enable secure communications. |
CAC | Common Access Card | A smart card used primarily by the United States Department of Defense for identification and secure access. |
CAL | Certificate Authority List | A list of trusted certificate authorities that a browser or operating system will trust for secure communications. |
CALs | Client Access Licenses | A license that grants a user or device the right to access services, such as RDS, from a server running the Windows Server operating system. |
CAPTCHA | Completely Automated Public Turing test to tell Computers and Humans Apart | A challenge-response test used in computing to determine whether the user is human. |
CAST | CAST-128 encryption algorithm | A symmetric encryption algorithm used to encrypt and decrypt data, utilizing a 128-bit key. |
CAST128 | 128-bit key CAST encryption algorithm | A variant of the CAST-128 algorithm that specifically utilizes a 128-bit encryption key. |
CBC | Cipher Block Chaining | A block cipher mode that provides confidentiality by combining each plaintext block with the previous ciphertext block before encryption. |
CC | Common Criteria | An international standard for evaluating the security of information technology products. |
CD | Compact Disc | A digital optical disc used to store data, including music and data files. |
CDATA | Character Data | Special notations used in XML to represent characters that may be confused with markup elements. |
CDN | Content Delivery Network | A system of distributed servers that deliver pages and other web content to users based on their geographical location. |
CEF | Common Event Format | A standardized text file format for log management and interoperability among security tools. |
CER | Certificate | A file format and extension that holds digital certificates. |
CERT | Computer Emergency Response Team | An expert group that handles computer security incidents. |
CFG | Configuration file | A file used to configure the operations of a computer program. |
CGI | Common Gateway Interface | A standard for interfacing external applications with servers to produce dynamic web pages. |
CHACHA20 | ChaCha20 stream cipher | A modern symmetric encryption algorithm designed for speed and security. |
Checkout Hook | In addition to changing the password on check in, secret owners can also specify administrator-created PowerShell scripts, called hooks, to run before or after checkout and check in. These are accessed from the Hooks tab of the secret, which only shows if checkout is enabled and PowerShell scripts have been created by an admin. | |
CHGUSRPRF | Change User Profile | A command used to change the values specified in a user profile on an IBM i, iSeries, or AS400 system. |
CI | Continuous Integration | A software development practice where developers regularly merge their code changes into a central repository, followed by automated building and testing. |
CID | Column Identifier | A unique identifier for a column in a database or other data structure. |
CIDR | Classless Inter-Domain Routing | A method for allocating IP addresses and routing Internet Protocol packets. |
CIFS | Common Internet File System | A protocol that allows programs to make requests for files and services on remote computers on the Internet. |
CIS | Center for Internet Security | A nonprofit organization that provides cybersecurity tools, benchmarks, and guidelines. |
Cisco Account (SSH) | Built-in secret template. | |
Cisco Account (Telnet) | Built-in secret template. | |
Cisco Enable Secret (SSH) | Built-in secret template. | |
Cisco Enable Secret (Telnet) | Built-in secret template. | |
Cisco VPN Connection | Built-in secret template. | |
CISO | Chief Information Security Officer | A senior-level executive responsible for an organization's information and data security. |
CKM | Cryptographic Key Management | The process of managing cryptographic keys for a cryptosystem, including generation, use, storage, exchange, and replacement. |
CLI | Command Line Interface | Allows managing systems such as Secret Server via command-line scripts and tools. |
Cloud Suite | Cloud Suite is a part of a broader portfolio of identity and access management solutions, designed to extend privileged access management (PAM) and identity services to cloud environments. This enables organizations to secure access to cloud resources and applications through the same identity platform that they use for on-premises resources. | |
CLR | Common Language Runtime | A managed execution environment that is part of Microsoft's .NET framework. |
CLSID | Class Identifier | A GUID that represents a specific class within the .NET framework. |
CM | Configuration Management | The process of maintaining the consistency and integrity of a system or product throughout its lifecycle. |
CM | Connection Manager | See Connection Manager. |
CMAK | Connection Manager Administration Kit | A tool used to manage network connections in Windows. |
CMDLINE | Command Line | An interface that allows users to interact with software by typing commands. |
CMK | Customer Master Key | A key used in Amazon Web Services Key Management Service to encrypt and decrypt data. |
CMVP | Cryptographic Module Validation Program | A program by the National Institute of Standards and Technology to validate cryptographic modules to Federal Information Processing Standards. |
CN | Common Name | An attribute used in the subject field of a certificate to identify the entity that the certificate represents. |
CNG | Cryptography API: Next Generation | An application programming interface for cryptography, provided by Microsoft. |
COM | Component Object Model | A binary-interface standard for software components to communicate. |
COM+ Dependency Scanner | The COM+ Dependency Scanner allows for an Active Directory domain discovery source to locate COM+ Applications running on machines on the domain that are being run by Domain Accounts. | |
Combination Lock | Built-in secret template. | |
Common Criteria | The Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408), known as "Common Criteria," is an international standard for certifying security of computer systems, networks, and application software. Certification ensures that claims about the security attributes of the evaluated product have been independently verified in the specified, evaluated configuration and environment. The certification does not validate any security claims when the product is used outside of that evaluated configuration or environment. | |
Company Policy Login Banner | A login banner for usage agreements and conditions to be visible when users log into Secret Server. | |
Configuration Overview Page | The Configuration Overview page (also called the "configuration preview") is a dynamic, one-stop locator for Secret Server configurations. | |
Connection Manager (CM) | Connection Manager provides secure connections to remote servers using RDP and SSH, allowing IT teams to launch ad-hoc connections to manage sessions with remote resources. Management of multiple active sessions is easy. You can store and organize connections by adding them to your favorites and import any folder structure or connections used in other tools for a single management hub. It includes remote connectivity tools closely integrated with Secret Server. It permits technical staff to quickly access resources using the convenience of a familiar, rich desktop interface while maintaining all the safeguards and workflows included with Secret Server. | |
Contact | Built-in secret template. | |
Copy Secret | Role permission: Allows a user to copy secrets when that user also has Own Secret role permission. | |
CORS | Cross-Origin Resource Sharing | A security feature implemented in web browsers to control the interactions between web pages from different domains. |
CPAN | Comprehensive Perl Archive Network | A repository of over 250,000 software modules and accompanying documentation for the Perl programming language. |
CPIC | Common Policy Implementation Criteria | Criteria used to assess the alignment of policies and procedures with common or accepted standards. |
CPU | Central Processing Unit | The primary unit of a computer that performs most of the processing. |
CQRS | Command and Query Responsibility Segregation | A pattern in software architecture where the data modification command responsibilities are separated from the data reading query responsibilities. |
Create Root Folders | Role permission: Allows a user to create new folders at the root level of the folder structure. | |
Credit Card | Built-in secret template. | |
CRL | Certificate Revocation List | A list of digital certificates that have been revoked by the issuing certificate authority. |
CRM | Customer Relationship Management | An approach to manage a company's interactions with current and potential customers using data analysis. |
CRQ | Change Request | A formal proposal for an alteration to some product or system. |
CRT | Certificate | File extension |
CSA | Cloud Security Alliance | An industry group focused on cloud security best practices, including alignment with tools like Secret Server. |
CSR | Certificate Signing Request | Used by systems like Secret Server to obtain SSL certificates from a certificate authority. |
CSS | Cascading Style Sheets | A style sheet language used for describing the look and formatting of a document written in HTML. |
CSV | Comma Separated Values | A file format that stores tabular data in plain text, with columns separated by commas. |
CTL | Certificate Trust List | A list of trusted certificates used by Windows to determine if a certificate issued by a particular certificate authority is to be trusted. |
Custom Password-Exclusion Dictionary | A list of words that you do not want users to choose as part of a password, for example, your company name. The dictionary becomes an option when creating or editing a password requirement object. Those, in turn, appear as options when creating a secret template. Finally, when a secret is created based on that template, the words in the dictionary are not allowed when creating a password (the "weak" warning appears). | |
CVE | Common Vulnerabilities and Exposures | A dictionary of publicly known information security vulnerabilities and exposures. |
CVSS | Common Vulnerability Scoring System | A standard used to classify and rate the severity of security vulnerabilities in software. |
Ciphertext | The result of encryption performed on plaintext using a cipher algorithm. | |
DAT | Data | File extension. |
DB | Database | A structured collection of data stored in a computer, often in a tabular form, and managed using software to facilitate rapid search and retrieval. |
DBA | Database Administrator | A person responsible for maintaining and optimizing a database, and ensuring its availability, performance, and security. |
DBMS | Database Management System | Software that is used to create, manage, and manipulate databases. |
DBO | Database Owner | A role in database systems that has complete control over the database, including permissions, schema modification, and data manipulation. |
DC | Domain Controller | In a network, it is a server that responds to security authentication requests and maintains the security policy and user account information. |
DCOM | Distributed Component Object Model | An extension of the Component Object Model (COM) that allows COM objects to communicate across network boundaries. |
DCS | Dynamic Credentials | A feature that automatically updates or rotates credentials based on configurable rules to enhance security. |
DE | Distributed Engine | An engine that spreads tasks across multiple servers or nodes to distribute the workload and improve performance. |
Deactivate Secret | Role permission: Allows a user to mark secrets as deactivated. | |
Delete Secrets from Reports | Role permission: Allows a user to run the delete Secrets action from a report. | |
Delinea Mobile App | The Delinea Mobile app provides MFA verification for the Delinea Platform as well as portable access to secrets managed in Secret Server. | |
Delinea Platform (DP) | The Delinea Platform seamlessly extends privileged access management across your company's hybrid multi-cloud infrastructure, with adaptive controls that help IT and cybersecurity teams to rapidly meet compliance and reduce risk. | |
Dependency (Secret) | Secret dependencies are items that rely on the username, password, or SSH private key stored in the secret. By adding them to the Dependencies tab, they are automatically updated when the secret's password is changed, ensuring they are up to date with the account on which they depend. | |
Dependency Group (Secret) | By default, all dependencies are updated in the order listed. There are cases where you may want to split out different sets of dependencies into separate groups. Typically, this is because a single service account may run services across different segregated networks that can communicate with the domain but not each other and have different distributed engine sites assigned. In this case you can create two dependency groups and assign them to different distributed engine sites to solve connectivity issues. | |
DES | Data Encryption Standard | A symmetric encryption algorithm that was widely used but is now largely obsolete due to its vulnerability to brute-force attacks. |
DevOps | Development and Operations | A set of practices that involve the collaboration and communication of both software developers and IT professionals to automate the process of software delivery and infrastructure changes. |
DevOps Secrets Vault (DSV) | Delinea's DevOps Secrets Vault is a high-velocity vault that centralizes secrets management, enforces access, and provides automated logging trails. This cloud-based solution is platform agnostic and designed to replace hard-coded credentials in applications, micro-services, DevOps tools, and robotic process automation. This vault ensures IT, DevOps and Security teams the speed and agility needed to stay competitive without sacrificing security. DevOps Secrets Vault is deployed as an API-as-a-Service. | |
DevOps Secrets Vault Client Credentials | Built-in secret template. | |
DH | Diffie-Hellman key exchange algorithm | A method of securely exchanging cryptographic keys over a public channel, often used in secure communications protocols. |
DHE | Ephemeral Diffie-Hellman key exchange | A variation of the Diffie-Hellman key exchange that uses temporary or "ephemeral" keys for each session, increasing security. |
DIM | Dimension | In computing and data science, this term often refers to a particular aspect or feature of data, used to provide some context or analysis. In databases, it could refer to an attribute or set of attributes in a data set used to provide some form of classification. |
Directory Services | Directory services are components of network operating systems that map the names of network resources to their network addresses. Their shared information infrastructure locates, manages, and organizes network resources, which can include volumes, folders, files, users, groups, devices, and much more. Active Directory is Secret Server's native directory service. | |
Discovery | Discovery is the process where Secret Server scans an environment to find accounts and associated resources called dependencies. Once accounts are found, you can use them to create associated new secrets in Secret Server. Users with the "administer discovery" role permission can either manually import accounts or can create an automated process, called a discovery rule, to do so. Using discovery does not stop users from manually creating their own secrets. | |
Discovery Command Set | An SSH script that runs on Unix machines and produces a specific set of output to be consumed in a discovery source flow. | |
Discovery Scan Template | Defines an object and what properties the object contains. For example, a computer account has a name, machine, and domain. Think of a scan template as an interface that describes an object. | |
Discovery Scanner | A discovery scanner is a component of a discovery source that collects information during a discovery. There are four general types of scanners, called scan templates. A scanner defines how to take that information and runs code to produce collection outputs. Scanners can be system out-of-the-box code that runs natively in the system or completely custom scripts that can do anything. | |
Discovery Script | A script for a discovery scanner. | |
Discovery Secret Search Filters | Certain scanners and import rules can use a filter that uses the name of the machine to find or use an associated Secret. For example, you may have a pattern of naming the local account on a machine including the machine name. A secret search filter allows you to find secrets using the name of the current machine in the pattern to find the matching secret. | |
Discovery Source | A discovery source is a named collective, ordered system that conducts discovery. There are five broad types: Active Directory, Amazon Web Services, Unix, VMware ESX\ESXi, and Google Cloud Platform. | |
Discovery Source Flow | A collection of scanners that work in a common pipe and filter architecture where each scanner inputs a certain type of item and then outputs a different type of item. For example, a scanner takes an input of a host IP range and outputs multiple computers that can then be consumed by another scanner which can input computer information and output computer accounts. | |
Distributed Engine | For smaller enterprises, Secret Server performs all functions on the Web server it is installed on. It is also scalable for large enterprises and scenarios demanding higher performance. We use remote distributed engines to accomplish this. You route high-demand processing and traffic operations through one or more of these to enhance Secret Server's capacity. For example, distributed engines can synchronize and authenticate for Active Directory. They can also perform remote password changing, heartbeat, discovery and more, all controlled by a single installation. | |
distributedengine | A Windows service that does a DE's actual work, such as password changing, heartbeat, discovery, and more. Each engine belongs to a site. | |
DKIM | DomainKeys Identified Mail | An email authentication technique that allows the receiver to check that an email was actually sent by the domain it claims to have been sent by and that it hasn't been changed in transit. |
DLL | Dynamic-link library | A collection of small programs or routines that are designed to perform specific tasks and can be dynamically loaded into running programs. |
DMZ | Demilitarized Zone | A physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network, usually the internet. |
DN | Distinguished Name | A string used in the X.500 standard to uniquely identify an entity within a directory service. |
DNS | Domain Name System | A system for converting human-friendly domain names into IP addresses. |
DOM | Document Object Model | A programming interface that represents HTML and XML documents as a tree structure where each node is an object representing a part of the document. |
DOS | Disk Operating System | A family of disk operating systems predominantly composed of MS-DOS and a rebranded version under the name IBM PC DOS. |
Doublelock | Secret Server's doublelock is a feature that provides an additional security layer by protecting secret data using asymmetric encryption (a public/private key pair) where the private key is a human-generated password. This feature is independent of regular permissions, Secret Server login access, or physical access to the machine running Secret Server. A shortcut way of thinking about doublelocks is as an extra password for secrets that is held by a set group of users. In addition, both the password and the group of users are reusable for other secrets. | |
Doublelock Object | A named object that is associated with one or more secrets and one or more users (via password objects). Doublelock objects, or simply doublelocks, point to secrets (what can be accessed) and doublelock password objects (who can access it). | |
Doublelock Password Object | An encrypted password that is associated with one user. The same doublelock password object, or simply doublelock password, is used for all doublelocks to which a user has access. Once a user is assigned to a doublelock, that user has access to any secret using that doublelock, using a single password. A doublelock password has nothing to do with the user's Secret Server access password. | |
Download Automatic Export | Role permission: The user can view all of the automatic export tabs and download exports from cloud storage (cloud customers only). | |
Download Hash | Download hash codes or hashes are used to verify the integrity and authenticity of downloaded software. Hash codes are unique mathematical values that are generated based on the content of the software file and can be used to confirm that the downloaded file matches the original version and has not been tampered with. By comparing the hash code of the downloaded file with the hash code provided by the software developer, you can ensure that the software you downloaded is genuine and has not been corrupted during the download process. | |
DP | Delinea Platform | See Delinea Platform. |
DPAPI | Data Protection API | A Windows API used by applications like Secret Server to encrypt sensitive data at rest. |
DR | Disaster Recovery | The process, policies, and procedures related to preparing for and recovering from a serious negative event affecting information systems. |
DRAC | Dell Remote Access Controller | A hardware and software solution for remote systems management. |
DRP | Disaster Recovery Plan | A documented process or set of procedures that helps in the recovery or protection of a particular IT infrastructure in the event of a disaster. |
DS | Directory Service | Software systems that store, organize, and provide access to directory information in order to reduce duplication of information. |
DSA | Digital Signature Algorithm | A public-key algorithm used for digital signatures. |
DSC | Desired State Configuration | A management platform in PowerShell that enables you to manage your IT and development infrastructure declaratively. |
DSEE | Directory Server Enterprise Edition | An enterprise directory service product from Oracle, offering robustness and scalability. |
DSOH | Directory Server On-Demand Hold | A feature in directory services that temporarily prevents specific changes from replicating to other servers. |
DSS | Data Security Standard | Security standards designed to secure data through a network. |
DSV | DevOps Secrets Vault | See DevOps Secrets Vault. |
DUO | Duo Security | A company that provides multi-factor authentication services. |
DWORD | Double Word (data type) | A data type that usually consists of 32 bits in a computer's memory. |
EA | Early Availability | Refers to a beta version of software that is made available for testing before the official release. |
EA | Enterprise Architecture | A conceptual blueprint that defines the structure and operation of an organization. |
EAP | Extensible Authentication Protocol | A framework for transport of authentication protocols. |
EAU | Endpoint Authentication | The process of authenticating devices that connect to a network. |
EBS | Elastic Block Store (AWS) | Provides block storage volumes for use with Amazon EC2 instances. |
EC2 | Elastic Compute Cloud (AWS) | An AWS service that provides resizable computing capacity in the cloud. |
ECC | Elliptic Curve Cryptography | An asymmetric key encryption technology. |
ECDH | Elliptic Curve Diffie-Hellman | A version of the Diffie-Hellman protocol using elliptic curve cryptography. |
ECDSA | Elliptic Curve Digital Signature Algorithm | A variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography. |
Edit (Folder Permission) | Allows the user to create new folders in that folder, which forces the "Inherit Permissions from Parent" permission on the new folder, move secrets into that folder, and add new secrets into that folder. | |
Edit Secret | Role permission: Allows a user to edit secrets. Note that they still require the "Edit" or "Owner" permissions on the individual secrets they are editing. | |
EFS | Encrypting File System (Windows) | A feature of Windows that allows files to be transparently encrypted to protect confidential data. |
EID | Endpoint Identifier | A unique ID that helps in identifying network endpoints. |
EMEA | Europe, Middle East, and Africa | A commonly used regional designation. |
Engine | Distributed Engine | An engine that spreads tasks across multiple servers or nodes to distribute the workload and improve performance. |
ENU | English | One of the standardized set of codes used to represent the English language, such as "en" or "en-US". |
ENV | Environment | In computing, refers to a specific set of hardware, software, and settings used for specific tasks. |
EP | End Point | The point at which a data flow ends, like a destination IP address and port number in a network. |
EPMD | Erlang Port Mapper Daemon | A service in Erlang programming for distributing and managing nodes. |
Erase Secret | Role permission: Allows a user to permanently erase (as opposed to deactivate, which is reversible) a secret. | |
ERP | Enterprise Resource Planning | A software system that helps organizations manage and integrate their core business processes. It provides a centralized platform for various departments within an organization to collect, store, manage, and interpret data from different business activities. |
ESM | Enterprise Security Manager | A security module in SAP systems that helps in managing different security aspects. |
EST | Enrollment over Secure Transport protocol | A protocol used for secure certificate enrollment. |
ESX | Elastic Sky X | VMware project. Short for VMware ESXi hypervisor, a virtualization platform. |
Event Pipelines | Event pipelines (EPs) are a named group of triggers, filters, and tasks to manage events and responses to them. Event pipelines themselves can be grouped into EP policies. The Secret Server EP system is essentially a flexible instruction set builder and manager for controlling events and responses. | |
Event Subscriptions | Event subscriptions trigger notifications of defined events within the system. These notifications are sent to the inbox and from there can be sent externally via email or Slack. | |
EVT | Event | An event log file extension for Windows. |
EWSR | Enable Web Services Reporting | An option to activate reporting capabilities via web services. |
EX | Export Policy | A set of guidelines or rules that govern how data or services can be transferred or accessed outside a particular environment. |
Expire Secrets from Reports | Role permission: Allows a user to expire Secrets listed in a report. | |
Extensible Discovery | Extensible discovery lets you extend the already powerful scanning abilities of Secret Server by creating custom scanners that run PowerShell. You can use either built-in or custom scanners and templates at each step of the discovery process in extensible discovery. If the built-in discovery sources, scanners, or input and output templates cannot meet your needs, you can use PowerShell scripts to perform any part of discovery. Doing so requires that you define your own input and output templates and scanners and then add them to a new or existing discovery source. | |
FAU | Federal Agency Unit | A unit of the federal government responsible for performing government functions, ranging from intelligence and defense to public policy and regulations. |
FIA | Financial Institutions Advisories | Advisories issued by the U.S. Treasury targeted at financial institutions to notify them of regulatory changes or security concerns. |
FIDO2 | Fast Identity Online 2 | A set of standards that enable simpler and more secure user authentication experiences across many types of platforms and devices. |
Field Slug Name | A field slug name in Secret Server is a unique human-readable identifier for a data field in a Secret Server template. The field slug name is available for integrating with third-party applications via API calls. Slug names are programmatically available for API calls but are not visible to template users (secret creators). Instead, they are displayed as references in secret templates. | |
FIPS | Federal Information Processing Standard | A set of U.S. government standards that define how various types of information are to be encoded. Secret Server's support for FIPS refers to its compatibility with FIPS 140-2 validated cryptographic modules. |
Folders | Secret folders allow you to create containers of secrets based on your needs. They help organize your customers, computers, regions, and branch offices, to name a few. Folders can be nested within other folders to create sub-categories for each set of classifications. Secrets can be assigned to these folders and sub-folders. Folders allow you to customize permissions at the folder level, and all secrets within can inherit the folder's permissions. Setting permissions at the folder level ensures future secrets placed in that folder have the same permissions, simplifying management across users and groups. | |
Force Check In | Role permission: Allows a user to force a secret that is checked out by another user to be checked in. | |
FPS | Frames Per Second | A unit that measures display device performance or video/animation quality, indicating how many individual frames are displayed per second. |
FPSE | Format Preserving Strong Encryption | Encryption that transforms plaintext into ciphertext of the same format and length, typically used in financial systems. |
FQDN | Fully Qualified Domain Name | The complete domain name for a specific computer, or host, on the internet, often consisting of a host name and a domain name. |
FTA | Functional Test Associate | Typically a role or position involved in the functional testing of software or systems to ensure they meet specified requirements. |
FTP | File Transfer Protocol | A standard network protocol used to transfer computer files from one host to another over a TCP-based network, such as the internet or an intranet. |
GA | General Availability | The stage in a software's lifecycle where it is considered fully tested and reliable, often the first version available to the general public. |
GCM | Galois/Counter Mode (cryptography) | A mode of block cipher operation providing both data authenticity (integrity) and confidentiality. Commonly used in cryptography. |
GCM | Google Cloud Messaging | A messaging solution for sending information from servers to client apps. It is now replaced by Firebase Cloud Messaging (FCM). |
GCP | Google Cloud Platform | A suite of cloud computing services that run on the same infrastructure that Google uses internally for its end-user products. |
GDPR | General Data Protection Regulation | A regulation enforced by the EU to protect citizens' personal data and privacy, affecting businesses worldwide. |
Generic Discovery Credentials | Built-in secret template. | |
Geo Replication | Server geo-replication is a technique used to distribute data across multiple geographic locations for the purpose of data redundancy, high availability, and faster access. It is commonly used in the context of database servers, web servers, and other types of infrastructure that require fault tolerance and quick recovery from hardware failures or other types of incidents. | |
Getting Started Tutorial | An introductory guide to Secret Server for technical users. | |
Global Banner | A multipurpose global banner for all users and used for maintenance, security, or policy notifications. | |
Google IAM Service Account Key | Built-in secret template. | |
GPO | Group Policy Object | A feature of the Microsoft Windows NT family of operating systems that allows administrators to implement specific configurations for users and computers within an Active Directory environment. |
GPU | Graphics Processing Unit | Specialized hardware designed to accelerate rendering of images and videos to be output to a computer's screen. |
Group | A collection of users managed together for administrative convenience. Users within a group inherit the permissions and roles attributed to that group, making it easier to manage security settings. Groups can also be synchronized with external services like Active Directory. | |
GSS | Generic Security Services | A software layer that provides a standardized interface for secure communication, often used to implement Kerberos mechanisms. |
GUI | Graphical User Interface | A type of user interface that allows users to interact with computer systems through graphical elements like buttons and windows, as opposed to text-based interfaces. |
GUID | Globally Unique Identifier | A unique reference number used as an identifier in computer software, ensuring that each object has a unique ID. |
HA | High Availability | A system design approach aimed at ensuring a high level of operational uptime. It often involves redundant or failover components. |
Healthcare | Built-in secret template. | |
Heartbeat | Secret Server's heartbeat feature allows secrets to have their entered credentials automatically tested for accuracy at a given interval. Using heartbeat on secrets ensures those credentials are up-to-date and can alert administrators if the credentials are changed outside of Secret Server. Heartbeat helps manage secrets and prevent them from being out of sync. | |
HMAC | Hash-based Message Authentication Code | A specific type of message authentication code that uses cryptographic hash functions and a secret key for data integrity and authentication. |
HP | Hewlett-Packard | An American multinational information technology company that produces hardware and software solutions. |
HPE | Hewlett Packard Enterprise | Hewlett Packard Enterprise Servers are robust and scalable servers designed to meet the complex demands of modern business computing, offering advanced features for virtualization, high-performance computing, and cloud-based environments. |
HP iLO Account (SSH) | A built-in secret template. | |
HSM | Hardware Security Module | Physical computing devices that safeguard digital keys and perform cryptographic functions. |
HSTS | HTTP Strict Transport Security | A web security policy mechanism that helps to protect websites against man-in-the-middle attacks by enforcing secure (HTTPS) connections. |
HTML | Hypertext Markup Language | The standard markup language for documents designed to be displayed in web browsers. |
HTTP | Hypertext Transfer Protocol | The fundamental protocol used for transferring data over the web. |
HTTPAPI | HTTP Application Programming Interface | A set of API calls for HTTP, allowing for programmatic interaction with web services. |
HTTPS | HTTP Secure (SSL/TLS encryption) | An extension of HTTP, secured with SSL/TLS encryption. |
IAM | Identity and Access Management | A framework for business processes that facilitates the management of electronic identities, allowing the right individuals to access the right resources at the right times for the right reasons. |
IBM | International Business Machines Corporation | An American multinational technology and consulting company. |
IBM iSeries Mainframe | Built-in secret template. | |
ICD | Interface Control Document | A document that describes the interface to a system or subsystem, providing details for ensuring compatibility. |
ICT | Information and Communications Technology | An umbrella term that includes any communication device or application, encompassing radio, television, phones, computer and network hardware, etc. |
ID | Identifier | A unique value used to identify a record or entity within a database or system. |
IDEA | International Data Encryption Algorithm | A symmetric key block cipher that was once considered very secure but has since been superseded by newer algorithms. |
Identity Bridge | A legacy Active Directory management product. | |
IDP | Identity Provider | A system that creates, maintains, and manages identity information and provides authentication services. |
IDS | Intrusion Detection System | |
IE | Internet Explorer | A discontinued web browser developed by Microsoft. |
IIS | Internet Information Services | A web server from Microsoft used to host websites and other content on the web. |
iLO | Integrated Lights Out | An embedded server management technology exclusive to Hewlett Packard Enterprise, which allows for remote control of HPE servers, providing powerful management capabilities irrespective of the server's operating status. |
Inbox | The Inbox page shows notifications such as event subscription alerts, access requests and approvals, and other configuration alerts in a single interface. In addition to viewing notifications in the inbox, you can configure the inbox to forward them via email or Slack, subject to numerous configurable criteria. You can also customize the format of the email messages. | |
INTG | Integrations | Generally refers to the process of bringing together different computing systems and software applications physically or functionally. |
IO | Input/Output | The collection of interfaces that different functional units of an information processing system use to communicate with each other. |
IOS | Internetwork Operating System | The software used on a majority of Cisco Systems routers and switches. |
iOS | iPhone Operating System | Apple smartphone OS. |
IoT | Internet of Things | Refers to a network of physical devices that are embedded with sensors, software, and other technologies to collect and exchange data with other devices and systems over the internet. Secret Server can manage credentials for IoT devices. |
IP | Internet Protocol | The principal communications protocol for relaying datagrams across network boundaries in the internet. |
IPSec | Internet Protocol Security | A suite of protocols for securing internet protocol (IP) communications by authenticating and encrypting each IP packet in a data stream—a VPN tunnel. |
IPV | IPv4 | The fourth version in the development of the internet protocol (IP), which routes most traffic on the internet. |
ISAPI | Internet Server API | An API developed by Microsoft that allows you to extend the functionality of an IIS web server. |
ISE | Identity Services Engine | A security policy management and control platform from Cisco Systems. |
ISO | International Organization for Standardization | An international standard-setting body composed of representatives from various national standards organizations. |
ITSM | Information Technology Service Management | A set of policies, processes, and procedures for managing IT services. |
IWA | Integrated Windows Authentication | An authentication method to securely store usernames and passwords, commonly used in intranet environments. |
JAR | Java Archive | A package file format that aggregates many files into one, typically used to store Java classes. |
JIRA | Jira | An issue and project tracking software developed by Atlassian. |
JS | JavaScript | A high-level, interpreted programming language used for client-side web development. |
JSON | JavaScript Object Notation | A lightweight data-interchange format that's easy for humans to read and write and easy for machines to parse and generate. |
JWT | JSON Web Token | An open standard for securely transmitting information between parties as a JSON object. |
KB | Knowledge Base | A database used for storing information, commonly in the context of technical support. |
KBA | Knowledge Base Article | An individual document in a knowledge base, typically addressing a single issue or topic. |
KBA | Knowledge-Based Authentication | A security measure that requires the user to answer a question only they would know. |
KEM | Key Encryption Mechanism | An algorithm used to securely encapsulate (encrypt) cryptographic keys. |
KEX | Key Exchange algorithm | Algorithms used to securely exchange cryptographic keys between parties. |
KMS | Key Management Service | A service that manages cryptographic keys for encryption. It uses envelope encryption where the encryption key changes each time you make a request for a key. |
Kyber-1024 | A KEM specifically designed to resist quantum computing attacks. | |
LAN | Local Area Network | A network that connects computers within a limited area, like a home or office. |
LCID | Locale Identifier | A unique identifier assigned to geographical or cultural regions for formatting purposes. |
LDAP | Lightweight Directory Access Protocol | A protocol for accessing and maintaining a directory service, such as Microsoft’s Active Directory. |
LDAPS | LDAP Secure | LDAP over SSL/TLS, a secure version of LDAP. |
LDP | Lightweight Directory Protocol | Usually a typo referring to LDAP. |
LDS | Lightweight Directory Services | A subset of LDAP services that's lighter and easier to manage. |
LM | LAN Manager | An outdated protocol suite by Microsoft used to provide file and print sharing services. |
LPT | Line PrinTer (port) | Refers to the printer port used in older computer systems. |
LSA | Local Security Authority | A Windows component responsible for enforcing security policies. |
LTS | Long Term Support (version) | Software versions that are supported for a longer period than standard versions. |
LWP | Libwww-perl | A Perl library for web-related activities. |
Maintenance Mode | Maintenance mode allows you to temporarily prevent users from changing roles, secrets, or secret-related data such as dependencies, templates, and password requirements. | |
Master Encryption Key | The main key used in a cryptographic system, often used to derive additional keys. When Secret Server is first installed, a unique random AES256 Master Encryption Key (MEK) is generated and saved in a file, encryption.config. The MEK protects anything sensitive in Secret Server that is not associated with a specific secret, as well as each secret’s unique AES256 key when an HSM is not used. | |
Master Encryption Key Rotation | For added security, you can rotate the MEK, re-encrypting protected data with the new key. | |
MD2-5 | Message Digest 2-5 | Cryptographic hash functions. |
MEK | Master Encryption Key | See Master Encryption Key. |
MemoryMQ | Memory Message Queue | A legacy built-in service developed by Delinea—replaced with RabbitMQ for production systems. |
MFA | Multi-Factor Authentication | A security system that requires multiple methods of authentication. |
Microsoft SQL Server | A relational database management system developed by Microsoft. | |
MMC | Microsoft Management Console | A framework for hosting administrative tools on Windows. |
MOF | Managed Object Format | A language for describing instances of CIM (Common Information Model) classes. |
MP4 | MPEG-4 video file format | A digital multimedia container format most commonly used to store video and audio. |
MPEG | Moving Picture Experts Group | A working group responsible for the development of video and audio encoding standards. |
MQ | Message Queue | Middleware from IBM that helps to seamlessly connect different components of a business application. |
MS | MicroSoft | An abbreviation for Microsoft Corporation. |
MSADC | Microsoft Active Directory Connector | A way to integrate Microsoft Active Directory with other services. |
MSDTC | Microsoft Distributed Transaction Coordinator | A component of Microsoft Windows that is responsible for coordinating transactions. |
MSI | Microsoft Installer | A software component used for installing, maintaining, and removing software. |
MySql Account | Built-in secret template. | |
NARTAC | NATO Communications and Information Agency | An agency responsible for NATO's IT and communication needs. |
NAS | Network-Attached Storage | A dedicated file storage system that provides storage space over a network. |
NAT | Network Address Translation | A technique of remapping an IP address space into another. |
NATO | North Atlantic Treaty Organization | A military alliance of 30 countries. |
NCO | NATO Consultation | Likely refers to the process or instance of consulting or collaboration within the context of NATO. |
NCRYPT | Ncrypt | A library in Windows for handling cryptography functions contained in ncrypt.dll. It is an essential component of the operating system and is used by various programs to ensure the security of sensitive information. This DLL file provides encryption and decryption operations, helping to protect data from unauthorized access or tampering. |
NDP | Network Device Enrollment Service | A Cisco service for secure distribution of certificates. |
NET | Microsoft .NET Framework | A software framework developed by Microsoft. |
NETBIOS | Network Basic Input/Output System | An API that augments the DOS API and provides network services. |
NG | Next Generation | Generally refers to the next iteration or version of a product, technology, or methodology. |
NIST | National Institute of Standards and Technology | An agency that develops and promotes measurement standards. |
NNTP | Network News Transfer Protocol | An Internet application protocol for the distribution, retrieval, and posting of news articles. |
NPL | National Physical Laboratory | The national measurement standards laboratory for the United Kingdom. |
NSA | Network Security Appliance | The SonicWall Network Security Appliance (NSA) series is a line of advanced firewalls designed by SonicWall, targeted primarily at medium to large-sized businesses and distributed enterprise environments. |
NSA | National Security Agency | A U.S. intelligence agency responsible for signal intelligence and information assurance. |
NT | New Technology | Usually refers to a family of operating systems by Microsoft, starting with Windows NT. |
NTC | National Transportation Commission | An organization that regulates transportation. |
NTFS | New Technology File System | A file system used by Windows NT and its successors. |
NTLM | NT LAN Manager | An authentication protocol used in various Microsoft network protocol implementations. |
NTP | Network Time Protocol | A protocol used to synchronize computer clock times over a network. |
OAEP | Optimal Asymmetric Encryption Padding | A padding scheme often used in RSA encryption. |
OATH | Open Authentication | Standards for multi-factor authentication (MFA). |
OAUTH | Open Authorization framework for API authentication | A framework for token-based API authentication. |
Object Metadata | Object metadata allows you to store extended information on several Secret Server objects including users, groups, folders, dates, or secrets via the user interface or REST API. You can store most data types, including strings, Boolean values, numbers, dates, and users. You can combine this metadata into sections containing named fields of your defined types. | |
OCS | Office Communications Server | A Microsoft instant messaging platform. |
ODAC | Oracle Data Access Components | Software components for connecting to Oracle databases. |
ODBC | Open Database Connectivity | A standard API for accessing database management systems. |
OEM | Original Equipment Manufacturer | A company that produces parts and equipment that may be marketed by another manufacturer. |
OIDC | OpenID Connect | An identity protocol that is layered on top of the OAuth 2.0 protocol. |
OKTA | Okta | A service providing identity management solutions. |
OLDAP | OpenLDAP | An open-source implementation of the Lightweight Directory Access Protocol. |
OOB | Out of Box | |
OpenLDAP Account | Built-in secret template. | |
ORA | Oracle database | A database management system from Oracle Corporation. |
Oracle Account | Built-in secret template. | |
Oracle Account (TCPS) | Built-in secret template. | |
Oracle Account (Template Ver 2) | Built-in secret template. | |
Oracle Account (Walletless) | Built-in secret template. | |
ORG | Organization | A group of people working together towards common goals. |
OS | Operating System | Software that controls the computer hardware and provides services for computer programs. |
OSX | Operating System X | A desktop operating system from Apple. |
OTP | One-Time Password | A password that is valid for only one login session. |
OU | Organizational Unit | A subdivision within an Active Directory into which you can place users, groups, computers, and other OUs. |
Own Group | Role permission: Allows a user to be an owner of a group. This permission is in the default Group Owner role, which is automatically assigned when that user is set as owner of a group. | |
Own Secret | Role permission: Formerly "Share Secret", allows a user to share secrets with other users. Also allows users to perform more advanced tasks on secrets of which they are "Owners", such as configuring expiration schedules, configuring the web launcher, converting the secret template, and copying secrets (when a user also has the Copy Secret role permission). | |
Own User | Role permission: Allows the user to become a user owner, used to configure specific users without the Administer Users permission. | |
Owner (Folder Permission) | Allows the user to create new folders in that folder without forcing inheritance, move the folder, delete the folder, rename the folder, and change the permissions and inheritance settings on the folder. | |
PAM | Privileged Access Management | A solution that helps organizations restrict privileged access within an environment. |
PAP | Password Authentication Protocol | A simple, clear-text authentication scheme. |
Password | Built-in secret template. | |
PBA | Privileged Behavior Analytics | See Privileged Behavior Analytics. |
PBKDF2 | Password-Based Key Derivation Function 2 | A key derivation function with a sliding computational cost. |
PC | Personal Computer | A computer designed for use by one person at a time. |
PCI | Payment Card Industry | A set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. |
PCI DSS | Payment Card Industry Data Security Standard | A set of security standards for merchants and organizations that handle branded credit cards. |
PDF | Portable Document Format | A file format used to present and exchange documents reliably. |
Personal Folder | In Secret Server, a personal folder is a folder that one (and only one) individual has owner access to. No user can modify sharing permissions on these folders. Users can add subfolders to their personal folder. The purpose of this folder is to allow a user to securely store work-related secrets that other users do not require access to. Note that when in break-the-glass mode, an unlimited admin can access a user's personal folder in order to recover secrets if needed. | |
Personal Folders | Role permission: Allows a user to have a personal folder when the global personal folders configuration option is enabled. | |
Personally Identifiable Information | Any data that could potentially identify a specific individual. | |
PFX | PKCS #12 | A file format for storing server cryptographic keys. |
PII | Personally Identifiable Information | Any data that could potentially identify a specific individual. |
PIN | Personal Identification Number | A numerical code used for authentication. |
Pin | Built-in secret template. | |
PIV | Personal Identity Verification | A standard for smart cards used for identification. |
PKCS | Public Key Cryptography Standards | A set of cryptographic standards. |
PKI | Public Key Infrastructure | A framework that manages digital keys and certificates. |
PM | Project Manager | An individual responsible for planning, executing, and closing projects. |
PM | Privilege Manager | See Privilege Manager. |
PNG | Portable Network Graphics | A raster graphics file format that supports lossless data compression. |
POC | Proof of Concept | A demonstration to verify that certain concepts or theories have the potential for real-world application. |
PORT | Network port | A hardware or software interface for transferring data. |
POSIX | Portable Operating System Interface standard | A family of standards specified by the IEEE for maintaining compatibility between operating systems. |
POST | Power On Self Test | A diagnostic process that occurs when you start the computer. |
PostgreSQL | An open-source database management system | A free and open-source relational database management system. |
PQ | Post Quantum | An encryption or encapsulation algorithm that is resistant to quantum computing attacks. |
Privilege Manager (PM) | Privilege Manager is an endpoint least privilege and application control solution for Windows, macOS, and Unix/Linux, capable of supporting enterprises and fast-growing organizations at scale. Mitigate malware and modern security threats from exploiting applications by removing local administrative rights from endpoints. The two major components are Local Security and Application Control. | |
Privilege Manager Administrator | Role permission: Allows the user to have the "Administrator" role for Privilege Manager, giving full access to the system. | |
Privilege Manager Helpdesk User | Role permission: Allows the user to have the "Help Desk" role for Privilege Manager, giving full access to approve or deny escalation requests. | |
Privilege Manager MacOS Admin | Role permission: Allows the user to have the MacOS "Administrator" role for Privilege Manager, giving full access to the system. | |
Privilege Manager Unix/Linux Admin | Role permission: Allows the user to have management permissions to Unix/Linux policies and machines. | |
Privilege Manager User | Role permission: Allows the user to have the "User" role for Privilege Manager, giving read and write permissions to most items, but not rights to modify security permissions. Administrators do not have this permission by default. | |
Privilege Manager Windows Administrator | Role permission: Allows the user to have the Windows "Administrator" role for Privilege Manager, giving full access to the system. | |
Privileged Behavior Analytics (PBA) | PBA works with Secret Server to improve enterprise system security by helping to visualize, detect, interrupt, and announce threatening activity and behavior. | |
Product License Key | Built-in secret template. | |
Protocol Handler | An application on an end-user's machine. It enables communication between Secret Server and that client machine. It also provides the files needed by launchers. | |
PS | PowerShell | A task automation and configuration management framework from Microsoft. |
PSE | Personal Security Environment | A user-specific environment with customized security settings. |
PUB400 | Public access folders in an IBM i environment. | |
Public Worker | A role that utilizes a public bus for communication and is not intended for executing business application logic. | |
PuTTY | Popular SSH and Telnet Client (literally) | A free and open-source terminal emulator that supports various network protocols. |
QA | Quality Assurance | The process of verifying or determining whether products meet or exceed customer expectations. |
QR | Quick Response | A type of matrix barcode commonly used for storing URLs or other information. |
QRTZ | Quartz enterprise scheduler | An open-source job-scheduling library. |
RabbitMQ (RMQ) | RabbitMQ is an important component of Secret Server’s on-premises environment, providing a robust framework for queuing messages between Secret Server and its Distributed Engines. RabbitMQ is an enterprise-ready software package that provides reliability and clustering functionality superior to other applications. RabbitMQ helper is Delinea's implementation of RabbitMQ. | |
RabbitMQ Durable Exchange | In RabbitMQ, an exchange is a routing mechanism that takes messages from producers and pushes them to queues based on certain rules, known as bindings. An exchange can be configured to be "durable," meaning it will survive server restarts. | |
RabbitMQ Helper | See RabbitMQ. | |
RACF | Resource Access Control Facility | IBM mainframe security module. |
RADIUS | Remote Authentication Dial-In User Service | A networking protocol that provides centralized Authentication, Authorization, and Accounting. |
RAM | Random Access Memory | A type of computer memory that can be read and changed in any order. |
RAS | Remote Access Service | A service for remote computer access. |
RBAC | Role-Based Access Control | A system for managing permissions based on roles within the organization. |
RBS | Role Based Security | An approach to security that assigns permissions based on roles within the organization. |
RCE | Remote Code Execution | The ability to execute code on a remote system. |
RCP | Remote Copy Protocol | A protocol used for copying files over a network. |
RD | Remote Desktop | A technology that allows users to connect to a remote computer. |
RDBMS | Relational Database Management System | A database management system based on the relational model. |
RDP | Remote Desktop Protocol | See Remote Desktop Protocol. |
Remote Desktop Protocol | A Microsoft protocol for remote control of computers. | |
RDPWin | The primary executable for SSPH. | |
Remote Desktop Services | Remote control services (using RDP) provided by a dedicated server or servers. | |
RDS | Remote Desktop Services | See Remote Desktop Services. |
ReBAC | Relationship-Based Access Control | A type of access control based on relationships between entities. |
REG | Windows Registry | A database to store settings and options for the Microsoft Windows operating system. |
Remote Password Changing | A Secret Server feature that can automatically change passwords on various platforms including Windows, databases, and network appliances. Remote Password Changing (RPC) allows secrets to automatically update a corresponding remote account. You can set secrets for automatic expiration, followed by automatic strong password generation and a remote password update to keep the subject accounts synchronized with Secret Server. | |
REQS | Requirements | Specifications that must be satisfied by a system or component. |
REST | Representational State Transfer | An architectural style for distributed hypermedia systems. |
REST API | RESTful Application Programming Interface | An API using REST architecture. Used in Secret Server. |
RFC | Request for Comments | A publication from the IETF and the Internet Society, the principal technical development and standards-setting bodies for the Internet. |
RHEL | Red Hat Enterprise Linux | An enterprise-level Linux operating system. |
RIPEMD | Race Integrity Primitives Evaluation Message Digest | A cryptographic hash function. |
RIPEMD160 | 160-bit RIPEMD | A 160-bit cryptographic hash function. |
RMQ | RabbitMQ | See RabbitMQ. |
Role | Every user and group must be assigned to a role. Secret Server uses role-based access control to provide very granular system access. Secret Server ships with three roles: Administrator, User, and Read-Only User. Each role contains a set of permissions to match the job function of users with that role. See the Role Permissions List for details. | |
Rotate Encryption Keys | Role permission: Allows a user to start a process that rotates the Secret encryption keys. | |
RPC | Remote Password Changing | See Remote Password Changing. |
RPC | Remote Procedure Call | A protocol for executing code on a remote server. |
RPO | Recovery Point Objective | Maximum acceptable data loss in the event of a failure. |
RSA | Rivest-Shamir-Adleman | A public key encryption technology. |
RTO | Recovery Time Objective | The maximum amount of time for recovering data after a disaster. |
RU | Request Unit | A unit of measure for system resources. |
Run Automatic Export | Role permission: The user can view all of the automatic export tabs and run the export manually by clicking the Run Export button. | |
Run Disaster Recovery Data Replication | Role permission: Allows user to initiate or test Data Replication. | |
Run Scripts | Role permission: Separates privileges in script management. Holders of the "View Scripts" role permission cannot execute test runs of scripts, and this permission must be assigned to perform this task. Administer Scripts remains unchanged and allows view, edit, and run permissions. | |
S3 | Simple Storage Service | AWS object storage. |
SA | Systems Administrator | Person responsible for managing systems. |
SALT | Random data added during password hashing. | |
SAM | Security Accounts Manager | Windows component for managing security accounts. |
SAML | Security Assertion Markup Language | An open standard used by Secret Server to support SSO. |
SAN | Storage Area Network | A network designed for storing data. |
SAP | Systems Applications and Products | An ERP system and company. |
SAP Account | Built-in secret template. | |
SAP SNC Account | Built-in secret template. | |
SAPNCO | SAP NetWeaver Component | A component of SAP NetWeaver, which is a software stack and technology platform developed by SAP SE. It serves as the technical foundation for many of SAP's enterprise applications. |
SAPSNC | SAP SNC | Cryptographic library for SAP. |
SBS | Small Business Server | Windows server edition tailored for small businesses. |
SCIM | System for Cross-domain Identity Management | Protocol for managing identities across domains. |
SCP | Secure Copy Protocol | SSH file transfer protocol. |
SDK | Software Development Kit | Toolkit for software development. |
SDLC | Software Development Life Cycle | The phases involved in software development. |
SEC | Securities and Exchange Commission | U.S. government agency for regulating securities. |
Secret | A piece of information that is stored and managed within Secret Server is referred to as a secret. Secrets are derived from secret templates. Typical secrets include, but are not limited to, privileged passwords on routers, servers, applications, and devices. Files can also be stored in secrets, allowing for storage of private key files, SSL certificates, license keys, network documentation, Microsoft Word or Excel documents and more. | |
Secret Checkout | The Secret Server checkout feature forces accountability on secrets by granting exclusive access to a single user. If a secret is configured for check out, a user can then access it. If Change Password on Check In is turned on, after check in, Secret Server automatically forces a password change on the remote machine. No other user can access a secret while it is checked out, except unlimited administrators. This guarantees that if the remote machine is accessed using the secret, the user who had it checked out was the only one with proper credentials at that time. | |
Secret Key Rotation | Secret key rotation is a somewhat similar process to RPC by which the encryption key, used for securing secret data, is changed and that secret data is re-encrypted. Each secret receives a new, unique AES-256 key. Secret key rotation can be used to meet compliance requirements that mandate encryption keys be changed on a regular basis. | |
Secret Launch | Role permission: Dictates whether or not a user can launch a secret. Previously, a user could launch a secret if their user's role had the "View Secret" permission. As of Version 11.5, a user needs this permission to launch. A user will also need the "Secret Launch Remote Access (Platform)" permission to be able to launch a remote session with RAS. | |
Secret Launch Remote Access (Platform) | Role permission: Dictates whether or not a user can launch a secret. Previously, a user could launch a secret if their user's role had the "View Secret" permission. As of Version 11.5, a user needs this permission to launch a remote session with RAS. | |
Secret Launcher | A secret launcher launches applications on end-user machines and automatically logs on using credentials stored in Secret Server. In general, there are three types of launchers: RDP, SSH, and Custom. This provides a convenient method to open RDP and PuTTY connections, but it also circumvents users needing to know their passwords—a user can still gain access to a needed machine but is not required to view or copy the password out of Secret Server. A Web launcher automatically logs into websites using the client's browser. | |
Secret Navigation Slideout | The Secret Navigation Slideout is a set of useful links to secret. Its tab appears on the right side of all top-level pages. | |
Secret Server | Delinea Secret Server is an enterprise-grade password management solution designed to help organizations securely store, manage, and control access to privileged credentials. It aims to improve the security of sensitive data, reduce the risk of data breaches, and streamline the password management process. | |
Secret Server Cloud Quick Start | A quick-start guide intended for business users of Secret Server Cloud. | |
Secret Server Migration Tool | A migration utility for importing secrets from other applications. | |
Secret Server Mobile | Through the Secret Server Mobile application, users can connect from a mobile device to a Secret Server instance to view, manage, and use secrets stored there. The mobile application interface is similar to the Secret Server interface, which makes it easy for users to navigate to find secrets and secret folders. The mobile application offers useful functionality including multi-factor authentication, biometric authentication, autofill, online and offline caching, and advanced secret workflows. | |
Secret Template | Secret templates are used to create secrets and allow customization of the format and content of secrets to meet company needs and standards. Examples include: local administrator account, SQL Server account, Oracle account, credit card and Web password. Templates can contain passwords, usernames, notes, uploaded files, and drop-down list values. New secret templates can be created, and all existing templates can be modified. | |
Security Alarm Code | Built-in secret template. | |
Security Hardening Guide | A document that outlines security hardening for securing your Secret Server instance, whether it be installed on a single server or in a multi-clustered environment. | |
SEIM | Security Information and Event Management | System for security management. |
SERPENT128 | 128-bit Serpent | A 128-bit encryption algorithm. |
SERPENT192 | 192-bit Serpent | A 192-bit encryption algorithm. |
SERPENT256 | 256-bit Serpent | A 256-bit encryption algorithm. |
Server Suite | Server Suite is a comprehensive security solution designed to manage, secure, and audit both user and privileged account access across a wide range of servers, including Windows, Linux, and UNIX systems. The suite is particularly focused on minimizing the risk associated with privileged access, which can be a significant security vulnerability if not managed correctly. | |
Session Connector | Normally, Secret Server requires installing additional software such as Connection Manager or Secret Server Protocol Handler (SSPH) on the end-user computers to launch secrets, such as RDP, SSH, or custom, and optionally record the session. With Secret Server Session Connector (SSSC) installed on a Remote Desktop Services (RDS) server, anyone who can download and launch a standard Remote Desktop Protocol (RDP) shortcut file can have the same experience. The RDS server itself runs a special SSPH for RDS—SSPH (RDS) as a remote app to record the sessions, so end-users do not need to install any additional software. | |
Session Recording Auditor | Role permission: Grants access to the session recording of a secret to a user with at least "List Access" permission on the secret. Administrators do not have this permission by default. | |
SFTP | SSH File Transfer Protocol | Secure file transfer protocol. |
SHA | Secure Hash Algorithm | A set of cryptographic hash functions. |
SHA256 | 256-bit SHA-2 hash function | A 256-bit cryptographic hash function. |
SHA384 | 384-bit SHA-2 hash function | A 384-bit cryptographic hash function. |
SHA512 | 512-bit SHA-2 hash function | A 512-bit cryptographic hash function. |
SID | Security Identifier | An identifier for security principals in Windows. |
SIEM | Security Information and Event Management | System for security management. |
Site (Distributed Engine) | A bucket of work items for a particular network area. Each engine is assigned to a single site, but each site can include multiple engines, significantly increasing throughput. | |
Site Connector | A Windows service that holds the work items for a number of sites. The site connector can be either RabbitMQ or MemoryMQ (a built-in service developed by Delinea). Each site can only be assigned to a single site connector, but you can have multiple site connectors running on separate machines, each storing work items for multiple sites. Those sites, in turn, distribute the work items among multiple engines. The ability to add new Site Connectors, Sites, and Engines as needed makes Distributed Engine a highly-scalable solution. | |
SLA | Service Level Agreement | A contract for service quality. |
SLO | Service Level Objective | Objective measurements for service quality. |
SMB | Server Message Block | A network file-sharing protocol. |
SMB Fallback | To maximize compatibility across versions of Windows, when a heartbeat fails, Secret Server makes a second attempt to use the Secret via SMB when Use SMB heartbeat fallback is checked. When Use SMB heartbeat fallback is not selected, this second attempt will not be made. | |
SMS | Short Message Service | Text messaging. |
SMTP | Simple Mail Transfer Protocol | Protocol for sending emails. |
SNC | SAP NetWeaver AS for ABAP - Security Network Communications | Security component for SAP. |
SNMP | Simple Network Management Protocol | Protocol for network management. |
SOAP | Simple Object Access Protocol | Protocol for exchanging structured information. |
SOC | Security Operations Center. Secret Server provides audit logs for SOCs monitoring security. | Center for monitoring and responding to security incidents. |
Social Security Number | Built-in secret template. | |
SonicWall NSA Web Admin Account | Built-in secret template. | |
SonicWall NSA Web Local User Account | Built-in secret template. | |
SP | Service Pack | A set of updates for software. |
SPN | Service Principal Name | Identifier for service instances. |
SQL | Structured Query Language | Language for database queries. |
SQL Server Account | Built-in secret template. | |
SRV | Server | Server. |
SS | Secret Server | Server for managing secrets. |
SSC | Secret Server Console | Console for managing Secret Server. |
SSDE | Secret Server DevOps Edition | DevOps edition of Secret Server. |
SSH | Secure SHell | Protocol for secure remote access. |
SSH CA | SSH Certificate Authority | Secret Server can act as a CA for signing SSH certificates. |
SSH Jumpbox Route | A series of regular Linux servers, accessible from the Internet, that is a gateway to other Linux machines on a private network using the SSH protocol. This topic and its subtopics discuss using jumpbox routes. | |
SSH Key | Built-in secret template. | |
SSH Key Rotation | SSH Key Rotation allows you to manage your Unix account private keys and passphrases as well as their passwords. With key rotation, whenever the password is changed on the secret (manually, during a scheduled auto-change, or when checking in a secret that changes the password on check-in), the public/private key pair will be regenerated and the private key encrypted using a new passphrase. The public key will then be updated on the Unix machine referenced on the secret. | |
SSHD | SSH Daemon (server process) | Server process for SSH. |
SSL | Secure Socket Layer | Protocol for secure communications. |
SSMS | SQL Server Management Studio | Management studio for SQL Server. |
SSO | Single Sign-On | Technology for allowing single sign-on. |
SSP | Secret Server Provider | Provider for Secret Server. |
SSPH | Secret Server Protocol Handler | See Protocol Handler. |
SSPH (RDS) | Secret Server Protocol Handler, RDS Version | A special SSPH for use with SSSC that enables optional keystroke recording. |
SSSC | Secret Server Session Connector | See Session Connector. |
STIG | Security Technical Implementation Guide | Guidelines for securing systems. |
SUDO | Substitute User DO command | Command for temporary superuser access. |
SUPM | SAP User and Profile Management | User and profile management for SAP. |
SUSE | SUSE Linux distribution | A distribution of Linux. |
Sybase Account | Built-in secret template. | |
SYS | System | System. |
SYSDBA | Oracle database superuser role | Superuser role for Oracle database. |
T1 | Thycotic One | See Thycotic One. |
TCP | Transmission Control Protocol | Protocol for reliable data transmission. |
TCP445 | TCP port 445 | Used by SMB for file sharing. |
TCPS | TCP over TLS | TCP traffic over TLS encryption. |
TDC | Tableau Data Connection file | File type used by Tableau for data connections. |
TDE | Transparent Data Encryption. SQL feature used by Secret Server to encrypt database contents. | SQL feature used by Secret Server for database encryption. |
Teams | See User Teams. | |
Thycotic One | A legacy access management product. | |
TID | Thread ID | Identifier for a thread in computing. |
TLS | Transport Layer Security. Cryptographic protocol used by Secret Server for secure communications. | Cryptographic protocol for secure communication. |
TMS | Ticketing Management System | System for managing tickets in IT support. |
TNS | Transparent Network Substrate (Oracle networking) | Oracle networking component. |
TOAD | Toad database admin tool | Database administration tool. |
TOE | Target of Evaluation | Subject of a security evaluation. |
TOP | TakeOut Point | Point where data is extracted. |
TOTP | Time-Based One-Time Password | A type of one-time password that is time-based. |
TPM | Trusted Platform Module hardware chip | Hardware chip for secure computing. |
TRP | Trusted Realm Participant | Participant in a trusted security realm. |
TS | Terminal Services | Services to enable multiple user access to Windows OS. |
TSF | TOE Security Functionality | Security features in a TOE. |
TSG | Technical Support Group | Group that provides technical support. |
TSS | TOE Summary Specification | Summary of TOE security features. |
TTL | Time to live | Time limit for data packets in a network. |
TTLS | Tunneled Transport Layer Security | TLS within another protocol. |
UAC | User Account Control | Windows feature for user permission control. |
UDP | User Datagram Protocol | Protocol for simple, connectionless data transfer. |
UI | User Interface | Visual interface of a software application. |
UMAC | Universal Hashing Message Authentication Code | A type of message authentication code (MAC) calculated by choosing a random hash function from a class of hash functions. The resulting digest or fingerprint is then encrypted to hide the identity of the hash function used. |
UNC | Universal Naming Convention (Windows network paths) | Windows network path naming. |
UNIX | Unix operating system | An operating system. |
Unix Account (Privileged Account SSH Key Rotation - No Password) | Built-in secret template. | |
Unix Account (Privileged Account SSH Key Rotation) | Built-in secret template. | |
Unix Account (SSH Key Rotation - No Password) | Built-in secret template. | |
Unix Account (SSH Key Rotation) | Built-in secret template. | |
Unix Account (SSH) | Built-in secret template. | |
Unix Account (Telnet) | Built-in secret template. | |
Unix Root Account (SSH) | Built-in secret template. | |
Unlimited Administration Mode | An emergency, break-the-glass mode that gives administrators access to all content within the system, regardless of explicit permissions. Access to unlimited administration mode is controlled using role permissions. | |
Unlimited Administrator | Role permission: Allows a user to view and edit all secrets in the system, regardless of permissions, when Unlimited Admin Mode is on. Note that another user with the "Administer Unlimited Admin Configuration" role permission would still need to turn this mode on. | |
Unrestricted by Teams | Role permission: Users can view all users, groups, and sites, regardless of team affiliation. Essentially, teams do not exist for the users with this permission, and the Teams page is not available to them. The default user role has this permission. | |
UPN | User Principal Name | User identifier in a Windows domain. |
URI | Uniform Resource Identifier | A unique sequence of characters that identifies a logical or physical web resource. |
URL | Uniform Resource Locator | A type of URI that identifies a web address, including the protocol. |
USB | Universal Serial Bus | A standard for connecting devices. |
User | Users are Secret Server's representation of people—one person per user. Each user has a unique username, as well as other attributes. Users are assigned to groups, and roles are assigned to them, either directly or via groups. | |
User Audit Expire Secrets | Role permission: Allows a user to view the "User Audit" report, which shows all secrets that have been accessed by a particular user in a specified date range. Also allows the user to force expiration on all these secrets, which would make Secret Server automatically change the password. | |
User Group | Secret Server allows administrators to manage users through user groups. Users can belong to different groups and receive the sharing permissions, as well as roles, attributed to those groups. This setup simplifies the management of the permissions and roles that can be assigned to a user. Additionally, groups can be synchronized with Active Directory to further simplify management. | |
User Teams | With Secret Server teams, administrators can create special groups called teams to restrict what users can see. A team bundles users and groups to assign them the same rules as to what other users and sites are visible to them. For example, a managed service provider could isolate their customers from seeing other customers' user accounts, or a large company could "firewall" their users by department. Site visibility can also be restricted by teams. | |
UTC | Coordinated Universal Time | Standard time. |
UTCNOW | Current time in UTC | Current time in Coordinated Universal Time. |
UTF | Unicode Transformation Format | Encoding for Unicode characters. |
UTF8 | Unicode Transformation Format 8-bit | 8-bit Unicode encoding. |
UTILS | Utilities | Utility tools or programs. |
UX | User Experience | Overall experience of a user using a product. |
View (Folder Permission) | Allows the user to see the folder and secrets in that folder that are inheriting permissions from their folder. | |
View About | Role permission: Allows a user to view the "About" page from the Help menu, which links to external resources such as Technical Support and the Delinea blog. | |
View Active Directory | Role permission: Allows a user to view, but not edit, the Active Directory settings in the system. | |
View Advanced Dashboard | Role permission: Allows a user to view the advanced dashboard. Without this permission, users will only be able to view the basic dashboard. | |
View Advanced Secret Options | Role permission: Allows a user to view the Remote Password Changing, Security, and Dependency tabs on a Secret they have access to. | |
View Automatic Export | Role permission: The user can view all of the automatic export tabs. | |
View Backup | Role permission: Allows a user to view, but not edit, the automated backup settings. | |
View Configuration | Role permission: Allows a user to view, but not edit, general configuration settings. | |
View Configuration Proxying | Role permission: Allows a user to view, but not edit, SSH Proxy settings. | |
View Configuration SAML | Role permission: Allows a user to view SAML integration settings on the Login tab of Configuration settings. | |
View Configuration Security | Role permission: Formerly "View Security Configuration," allows a user to view the security configuration of Secret Server. | |
View Configuration Session Recording | Role permission: Allows a user to view session recording settings on the Session Recording tab of Configuration settings. | |
View Configuration Two Factor | Role permission: Allows a user to view the configuration settings of the two-factor authentication options that are available for users logging into Secret Server. | |
View Configuration Unlimited Admin | Role permission: Formerly "View Unlimited Admin Configuration," allows a user to view the Unlimited Admin Mode configuration. Also allows a user to view the Unlimited Admin Mode audit log. | |
View ConnectWise Integration | Role permission: Allows a user to view, but not edit, the ConnectWise integration settings. | |
View Data Retention | Role permission: Can view retained audit data. This permission does not automatically come with the Administrator role. | |
View Deleted Secrets | Role permission: Allows a user to view Secrets that have been deleted in the system. | |
View DevOps Secrets Vault Tenants | Role permission: View (not edit) the DSV tenants set to synchronize with Secret Server. | |
View Disaster Recovery | Role permission: Allows a user to view configuration, logs and audits for Disaster Recovery. | |
View Discovery | Role permission: Allows a user to view, but not edit, computers and accounts that are found by Discovery. | |
View Distributed Engine Configuration | Role permission: Allows a user to view the Distributed Engine configuration. | |
View DoubleLock Keys | Role permission: Allows a user to view which DoubleLock keys exist in the system. | |
View Dual Control | Role permission: Allows a user to view configured Dual Control settings for reports and Secret sessions. | |
View Enterprise Objects | Role permission: Allows a user to view user and secret metadata. | |
View Event Subscriptions | Role permission: Allows a user to view event subscriptions. | |
View Export | Role permission: Allows a user to view the export log of the system to see when users exported secrets. Does not allow a user to export. | |
View Folders | Role permission: Allows a user to view, but not edit, folders in the system. | |
View Group Roles | Role permission: Allows a user to see which groups and users are assigned to which roles. Does not allow a user to change these assignments. | |
View Groups | Role permission: Allows a user to see which groups exist in the system. Also allows a user to see which users belong to each group. | |
View HSM | Role permission: Allows a user to view the Hardware Security Module (HSM) configuration settings. | |
View IP Addresses | Role permission: Allows a user to view IP Address Ranges that have been created to restrict access. Does not allow a user to edit these ranges. | |
View Jumpbox Route | Role permission: Allows a user to view the details of all jump server routes in the Admin Jumpbox Route page but not make any changes. | |
View Key Management | Role permission: Allows a user to view the Key Management settings (Secret Server Cloud only). | |
View Launcher Password | Role permission: Allows a user to unmask the password on the view screen of secrets with a launcher. Typically, this includes Web Passwords, Active Directory accounts, Local Windows accounts, and Linux accounts. | |
View Licenses | Role permission: Allows a user to view, but not edit, the licenses in the system. | |
View Lists | Role permission: View lists and list contents in Admin > Lists. | |
View Nodes | Role permission: Allows a user to view, but not edit, the Secret Server web server nodes. | |
View OpenID Connect | Role permission: View OpenID Connect integration settings in the Configuration Login tab. This replaces the Delinea One equivalent. | |
View Password Requirements | Role permission: Allows a user to view character sets and password requirements. | |
View Pipelines | Role permission: Allows a user to view event pipeline policies and policy activities. | |
View Platform Integration | Role permission: Allows a user to view the Secret Server connection to the Delinea platform. | |
View Remote Password Changing | Role permission: Allows a user to view, but not edit, Heartbeat and Remote Password Changing settings. | |
View Reports | Role permission: Allows a user to view, but not edit, reports. See "Browse Reports." | |
View Roles | Role permission: Allows a user to view roles in the system. Also allows a user to see which groups are assigned to which roles. | |
View Scripts | Role permission: Allows a user to view PowerShell, SQL, and SSH scripts on the Scripts Administration page. | |
View Search Indexer | Role permission: Allows a user to view, but not edit, search indexer settings. | |
View Secret | Role permission: Allows a user to only view which Secrets exist in the system. | |
View Secret Audit | Role permission: Allows a user to view Secret Audit. | |
View Secret Password and Private Key History | Role permission: Allows a user to see the history of passwords, private keys, or passphrases in both the old and new UI. | |
View Secret Policy | Role permission: Allows a user to view, but not edit, Secret Policies. | |
View Secret Templates | Role permission: Allows a user to view, but not edit, Secret Templates. | |
View Security Analytics | Role permission: Allows a user to view, but not edit, settings for Privilege Behavior Analytics. | |
View Security Hardening Report | Role permission: Allows a user to view the Security Hardening Report. | |
View Session Monitoring | Role permission: Allows a user to view active launcher sessions. | |
View Session Recording | Role permission: Allows a user to view recorded sessions within Secret Server. | |
View SSH Menus | Role permission: Allows a user to view existing SSH Menus, used in allow-listing commands that can be used in an SSH session. | |
View System Log | Role permission: Allows a user to only view the System Log, which shows general diagnostics information for Secret Server. | |
View Teams | Role permission: Users can view all teams. This is essentially a read-only Administer Teams. | |
View User Audit Report | Role permission: Allows a user to view, but not edit, the User Audit Report. | |
View Users | Role permission: Allows a user to view which users exist in the system. | |
View Workflows | Role permission: View (not edit) workflows used for multi-tier secret-access approvals and secret erase requests. | |
VIM | Vi IMproved text editor | Advanced text editor. |
VM | Virtual Machine | Software emulation of a physical machine. |
VMware ESX/ESXi | Built-in secret template. | |
VNC | Virtual Network Computing | A graphical desktop sharing system that is not unique to Windows. |
VPC | Virtual Private Cloud | Isolated cloud resources. |
VPN | Virtual Private Network | Secure network over the internet. |
VRM | Virtual Resource Manager | Resource manager for virtual environments. |
VTY | Virtual Teletype | Terminal emulation. |
W3C | World Wide Web Consortium | Organization for web standards. |
WAN | Wide Area Network | Network covering a large area. |
WatchGuard | WatchGuard is a technology company that specializes in network security products and services, including firewalls, secure Wi-Fi, multi-factor authentication, and network intelligence solutions for small to medium-sized businesses and organizations. | |
WatchGuard | Built-in secret template. | |
WCF | Windows Communication Foundation | Framework for building connected systems. |
Web Launcher | Web launchers are a separate login method from the Web password filler and provide a convenient click to automatically log on to simpler websites. Web launchers do not work on complex login pages that rely on JavaScript. For those login pages, use the browser extension for the Web password filler. By default, Web launchers are enabled on the Web Password Secret template, but they can be enabled on custom templates as well, as described in Enabling Launchers. | |
Web Password | Built-in secret template. | |
Web Password Filler (WPF) | Web Password Filler provides easy password autofill and lifecycle management services for web applications and web sites. It allows browsers to find and enter credentials of users, when a Delinea Platform or Secret Server instance has secrets related to that website. | |
Web Services Impersonate | Role permission: Allows a user to send an approval request to act as another user within their organization when accessing Secret Server programmatically. Administrators do not have this permission by default. | |
WEBM | WebM open media format | Media file format. |
Windows Account | Built-in secret template. | |
WMA | Windows Media Audio | Audio file format. |
WMI | Windows Management Instrumentation | Windows management tool. |
Workflows | Access Request Workflows are improved access requests that allow users to build more complex interactions based on events within Secret Server. The first release of workflows offers access requests. Workflow templates define the series of steps and reviewers required for an access request. You can assign workflows to secrets or secret policies. The original access requests are one level or step—anyone approving approves the request—no other input is required. Workflows allow up to 15 approval steps where approval by reviewers in step 1 moves the request to step 2, approval at step 2 moves it to step 3, and so forth. Denial at any step denies the request. | |
WPF | Windows Presentation Foundation | UI framework for Windows. |
WPF | Web Password Filler | See Web Password Filler. |
WS | Web Service | Service available over the web. |
WSDL | Web Service Description Language | XML-based language for describing Web services. |
WSUS | Windows Server Update Services | Windows update management. |
XML | Extensible Markup Language | Markup language for encoding documents. |
XPM | EXtended Privilege Management | Management of extended privileges. |
XSS | Cross-Site Scripting | Web security vulnerability. |
XXE | XML External Entity | XML parsing vulnerability. |
YAML | YAML Ain't Markup Language data format | Data serialization format. |
z/OS | Zero Downtime Operating System | z/OS is a 64-bit operating system for IBM mainframes, designed for robust performance, advanced security, and superior scalability, primarily used in enterprise computing environments requiring high levels of processing power and reliability. |
z/OS Mainframe | Built-in secret template. | |