Break Glass Scenarios
The Break Glass concept is a strategy for gaining emergency access to critical systems and secrets when standard access methods are unavailable due to infrastructure issues or other emergencies. This concept ensures continuity and access to essential information during outages or disasters. The Secret Server Break Glass options include:
- Export Secrets
- Resilient Secrets
- Mobile App Offline Caching
- PCS/Server Suite Agent Offline Operation
Export Secrets
Enable offline access to secrets by exporting them to an encrypted file (CSV/XML).
See Automatic Secret Export feature to export secrets securely for offline access.
Resilient Secrets
- Create local accounts with necessary permissions for emergency access, and store the credentials securely. Use these accounts only during emergencies and ensure they are audited.
- Set up Role-Based Access Control (RBAC) to manage permissions effectively. Enable access audit logging to track all activities during break glass scenarios.
See Secret Server Resilient Secrets Architecture for details.
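One way to run the audit that the guidance above calls for, as an added example rather than Secret Server's own code: it classifies every event from an emergency account as inside or outside a declared emergency window. The account names, the key=value log layout, and the incident reference are constructed assumptions.

```python
from datetime import datetime, timezone

# Assumed names: the emergency (break glass) accounts and declared emergency windows.
BREAK_GLASS_ACCOUNTS = {"bg-admin-01", "bg-admin-02"}
EMERGENCY_WINDOWS = [  # (start, end, incident reference), all UTC
    ("2024-05-01T02:00:00Z", "2024-05-01T06:00:00Z", "INC-EXAMPLE-1"),
]

# Constructed sample audit lines; the key=value layout is an assumption.
SAMPLE_LOG = """\
2024-05-01T02:14:09Z user=bg-admin-01 host=db01 action=login result=success
2024-05-01T02:15:40Z user=alice host=db01 action=login result=success
2024-05-03T23:51:12Z user=bg-admin-02 host=dc02 action=login result=success
2024-05-04T00:02:33Z user=bg-admin-02 host=dc02 action=login result=failure
not a log line
"""

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_line(line):
    """Return (timestamp, fields), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = parse_ts(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return (ts, fields) if "user" in fields else None

def audit_break_glass(log_text, accounts=BREAK_GLASS_ACCOUNTS, windows=EMERGENCY_WINDOWS):
    """Classify each break glass event: inside a declared emergency or not."""
    spans = [(parse_ts(s), parse_ts(e), ref) for s, e, ref in windows]
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1]["user"] not in accounts:
            continue
        ts, f = parsed
        ref = next((r for s, e, r in spans if s <= ts <= e), None)
        findings.append({
            "time": ts.isoformat(), "user": f["user"], "host": f.get("host"),
            "result": f.get("result"), "incident": ref,
            "verdict": "review-in-incident" if ref else "ALERT-outside-emergency",
        })
    return findings
```

Failed attempts are reported as well as successful ones, since any use of an emergency account outside a declared window deserves a look.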
Mobile App Offline Caching
The mobile app can cache secrets for offline use, providing access even if the main infrastructure is down. Enable offline caching in the mobile app settings to access secrets without a live connection, and sync secrets regularly to keep the cache updated with the latest information.
See Setting Maximum Time for Secret Server Mobile Offline Caching for details.
PCS/Server Suite Agent Offline Operation
Configure policy caching to allow operations without a live connection, set up machine-specific MFA (OTP) for secure offline authentication, and ensure policies are regularly updated and tested to confirm offline functionality.
See the Privilege Control for Servers documentation for offline operation details.