Backup, Disaster Recovery, Break Glass, and Resilient Secrets
Backups
Backups are routine copies of critical data that protect against accidental deletion, corruption, or other data-loss incidents. Secret Server supports both manual and scheduled backups of the database and IIS directory, providing a reliable way to safeguard the data itself. These backups ensure that individual records or files can be restored even when the production system itself remains intact. Administrators can also export secrets to a CSV file as an additional precaution to strengthen data protection. See Secret Server Backup for details.
Disaster Recovery
Disaster recovery is the broader strategy for restoring the entire Secret Server environment after a major outage or catastrophic event. While backups preserve the data, disaster recovery focuses on bringing the full application and all related services back online. Secret Server enhances this capability through SQL mirroring and automatic failover, which minimize downtime and keep privileged access secure and accessible. These measures enable rapid restoration of both the application and database, ensuring operational continuity when a disaster occurs. See Secret Server Disaster Recovery for details.
Break-Glass
The break-glass concept provides emergency access when standard methods are unavailable because of infrastructure failures or other emergencies. It ensures continuity and access to essential information during outages or disasters. Secret Server supports several break-glass options: exporting secrets for secure retrieval when systems are down; maintaining resilient secrets that remain accessible during outages; allowing mobile app offline caching so authorized users can retrieve cached secrets without connectivity; and enabling PCS/Server Suite agent offline operation, which uses policy-cached authentication and machine-specific MFA for secure access when servers cannot be reached. See Break Glass Scenarios for details.
Resilient Secrets
Resilient secrets is a specific, scoped replication feature. It replicates prioritized vital data and functionality from a primary data source to a secondary data replica, but it does not replicate the entirety of a Secret Server instance. The idea is that during an outage, you get access to the most critical information—secrets, folders, users, groups, roles, launchers, templates, teams, lists, and metadata—while keeping minimal operations running. It syncs every 15 minutes and lets you choose your replica topology: cloud-to-cloud, cloud-to-on-prem, on-prem-to-on-prem, or on-prem-to-cloud.
The key characteristic of resilient secrets is what it doesn't replicate. Features excluded from replication include discovery, remote password changing, event pipelines, event subscriptions, secret policies, session recordings, SAML configuration, HSM configuration, scripts, workflows, dual controls, and several others. User passwords for local accounts aren't replicated either—admins have to manually reset them on the replica. 2FA configuration doesn't carry over. The replica runs in a locked-down read-only mode with many features disabled.
For traditional DR, on-premises-to-on-premises configurations must run identical Secret Server versions. Traditional DR is the broader infrastructure-level approach: think SQL Server availability groups, RabbitMQ HA/DR across sites, database failover, and so on. It's about ensuring the entire environment can fail over, not just a prioritized subset of data.
In short, resilient secrets is a built-in, selective replication feature focused on break-glass access to critical secrets data. Traditional DR is a full-environment failover strategy that relies on underlying infrastructure (SQL availability groups, matching Secret Server versions, RabbitMQ clustering across sites) to restore the complete instance.