Secret Server End User Guide

This guide is for regular, non-administrative users of Secret Server. It is mostly a set of links to a subset of the greater corpus of Secret Server documentation. For Secret Server Cloud, see the Secret Server Cloud Quick Start.

What Is Secret Server?

Secret Server is a comprehensive Privileged Access Management (PAM) solution designed to protect, control, and manage privileged accounts and credentials within an organization. It offers a secure, centralized vault to store sensitive information, such as passwords, keys, and certificates, while ensuring that access to these critical assets is granted only to authorized personnel.

Equipped with advanced features like access control, auditing, and automated password rotation, Secret Server enables organizations to maintain a strong security posture, reduce the risk of data breaches, and comply with regulatory requirements.

What Is the Purpose of the End User Guide?

Secret Server is a powerful, advanced product with a wide range of capabilities. Even so, it is very easy to use for regular day-to-day operations for non-technical people. The key to this is knowing what to ignore and understanding the bits you do need to know. This guide is designed to help you do just that. It provides links to only what you need to know. You can add other topics later as needed.

Getting Help

Important: When using this User Guide, it is easy to get lost in the ocean of Secret Server documentation. To avoid that, we recommend using <Ctrl> + click to access the links here. That way, the page you are going to opens in a new browser tab, leaving this one as is and making it much easier to get back to. You can also simply use the browser back button to return, but that can get tiresome because many pages link to others.

Logging on to Secret Server

Depending on how your administrators configured Secret Server, you can log on with either your Active Directory account or a local account.

  1. In your browser, go to the URL for your organization's Secret Server.

  2. On the Pick Your Account popup, select your Active Directory account. The Enter Password popup appears. If you do not have an AD account, you may need to enter your local or domain information.

  3. Click the Sign In button. If you have Duo two-factor authentication, your cell phone receives a notification that you have to approve to access Secret Server.

    Secret Server also supports other two-factor authentication methods (depending on what your organization configured), such as text or email codes that Secret Server prompts you for.

    After you log on with your local account for the first time, you are immediately prompted to change your password.

  4. Click the Login button. The Secret Server All Secrets page appears.

Secrets

Secrets are individually named packets of sensitive information, such as passwords. Secrets address a broad spectrum of secure data, each type represented and created by a secret template that defines the parameters of all secrets based on it. Secrets are very powerful and provide many ways of controlling and protecting their data, such as:

  • Ensuring passwords are long, complex, and frequently changed.
  • Relieving users of having to remember numerous complex passwords or when to change them. You only need to remember your password to access Secret Server. All of your secret passwords are managed for you.
  • Automatically changing passwords at set intervals with no user intervention.
  • Defining who has access to the secret.
  • Ensuring the person accessing Secret Server or a secret is indeed you.
  • Recording who actually accessed a secret.

All secret text-entry field information is securely encrypted before being stored in the database, including a detailed audit trail for access and history.

Some important basic information about secrets:

Secret Folders

Secret folders allow you to create containers of secrets based on your needs. They help organize your customers, computers, regions, and branch offices, to name a few. Folders can be nested within other folders to create sub-categories for each set of classifications. Secrets can be assigned to these folders and sub-folders. Folders allow you to customize permissions at the folder level, and all secrets within can inherit the folder's permissions. Setting permissions at the folder level ensures future secrets placed in that folder have the same permissions, simplifying management across users and groups.

Using Secrets on Websites (Web Password Filler)

Please set up Web Password Filler (WPF) in the following order:

  1. Ensure you can log in to Secret Server the conventional way.

  2. If necessary, create a folder in Secret Server where the WPF secrets will reside.

  3. Install the WPF browser extension.

  4. Configure WPF to point to Secret Server.

  5. Log in to Secret Server via WPF.

Checking out Secrets

The Secret Server check-out feature grants exclusive access to a single user. If a secret is configured for check out, a user can then access it. No other user can access a secret while it is checked out, except unlimited administrators. This guarantees that if the remote machine is accessed using the secret, the user who had it checked out was the only one with proper credentials at that time. See Secret Checkout for details.

Getting Notified of Secret Events

Secret Server records specific events, including expired secrets, and optionally sends you alerts when they happen. See the Inbox and Creating Event Subscriptions for details.

Learning More About Secret Server—the Getting Started Tutorial

We created a Getting Started Tutorial for technical users. While it covers many things you do not need to know right now, you may later find it helpful if you want to get a deeper understanding of Secret Server.