Custom Launchers
In addition to the built-in PuTTY and Remote Desktop launchers, Secret Server supports custom launchers. A Secret Server custom launcher is a feature that allows you to integrate Secret Server with any application that can be started via the command line. Custom launchers are designed to pass values from the secret text fields to the command line of the application being launched. This enables users to initiate processes or connect to services directly from the Secret Server interface without having to manually enter credentials or other required information.
Like the built-in launchers, custom launchers run on the user's machine, not on the web server. Launcher processes can be set to run using either the credentials of the logged-in user or the credentials of the secret. The "Run Process as Secret Credentials" check box is used to switch between these two options.
Custom launchers are needed for several reasons:
- Integration with Various Applications: They allow Secret Server to work with a wide range of applications beyond the built-in launchers like PuTTY and Remote Desktop.
- Automation: They automate the process of logging into applications, saving time and reducing the risk of errors from manual entry.
- Security: They help maintain security by not exposing sensitive credentials, as the credentials are passed directly to the application without user interaction.
- Flexibility: They provide flexibility to tailor the launcher to specific organizational needs or to work with custom applications.
- Convenience: They offer a convenient way for users to access remote systems or applications with a single click from the Secret Server interface.
There are four types of custom launchers to choose from:
- Process: Launches a process on the user's machine and replaces parameters with values from the Secret.
- Proxied SSH Process: Launches an SSH client on the user's machine, connecting through Secret Server's proxy.
- Batch File: Launches a batch file on the user's machine using information from Secret Server.
- Session Connector Launcher: Allows for downloading and running an RDP file to launch into a Remote Desktop Server with a protocol handler installed.
Having four different custom launchers in Secret Server is necessary to provide flexibility and cater to a variety of use cases and applications that organizations might need to integrate with. Each type of custom launcher serves a specific purpose and addresses different requirements:
- Process Launcher: This is the most general type of custom launcher. It is used to launch any application that can be started from the command line on the user's machine. It is highly customizable and can pass parameters from the Secret directly to the application. This type of launcher is useful for a wide range of applications that do not require special handling or proxying.
- Proxied SSH Process Launcher: This launcher is specifically designed for SSH clients other than the built-in PuTTY launcher. It provides an additional security layer by proxying the connection through Secret Server, which prevents credentials from being exposed on the client's machine. This is particularly important for secure environments where SSH credentials need to be protected.
- Batch File Launcher: This launcher allows for the execution of batch files, which can contain a series of commands and can launch multiple processes. This is useful when a sequence of actions needs to be performed, or when integrating with complex systems that require more than a single command-line instruction.
- Session Connector Launcher: This launcher is used for more advanced scenarios where an RDP file needs to be downloaded and run to establish a Remote Desktop connection. It is particularly useful when client machines do not have certain applications installed, as it does not require any installation on the end-user's part.
The variety of custom launchers ensures that Secret Server can be adapted to the unique operational needs of different organizations. It allows for seamless integration with a diverse set of applications and services, enhancing both the user experience and security posture by automating access and protecting sensitive credentials.