Using QuantumLocks

Using QuantumLocks in Secret Server involves leveraging an additional security layer to protect secret data through asymmetric encryption, where the private key is a human-generated password. This feature, previously known as DoubleLock, is independent of regular permissions and Secret Server login access. QuantumLocks are particularly useful for securing highly sensitive data against future quantum computing threats. When a secret is protected with a QuantumLock, only users with access to the QuantumLock and the corresponding password can decrypt the secret. This ensures that even if Secret Server is compromised, the secrets remain secure. QuantumLocks can be applied to various types of sensitive information, such as global admin passwords, root account passwords, and personal information. However, it is important to note that enabling QuantumLock disables certain features like Remote Password Changing (RPC) and heartbeat, making it unsuitable for secrets requiring frequent password rotations.