Secret Template List Fields

Overview

Introduction

With secret template list fields, administrators can create new lists that can be shared by multiple secrets. Clicking on an existing list goes to the details page for that list where the user can set the list's name, description, and the options available in the list.

You can also group list options by category, which make using very large lists easier. For instance, a list of machines might have the machines categorized by function, such as "Web Server" or "Database Server." You could also use categories for locations, such as "London," "New York," or "Tokyo."

List categories are displayed on the secret and on the launcher dialog, with the options sorted alphabetically within categories. Categories are also sorted alphabetically. Options can be duplicated in multiple categories and will show up in each one. In addition to manually adding categories and options, you can also upload a file containing the list options.

In general, there are two types of list fields:

  • Allow Lists: These lists display a searchable dropdown of the server names or IPs entered in the list for the user to select from. Only entries from this list are allowed to be used.

  • Deny Lists: With deny lists, a user can type in any server name or IP address, and Secret Server then compares these entries with a list of blocked entities.

If both types of list are set, the user sees a dropdown of all items in the Allow list that are not also in the Deny list. This setup is helpful when using the same allow list on multiple secrets, where you do not want some of those servers used with specific secrets. Using both lists, customers do not need to create separate versions of almost identical allow lists and can instead just choose to restrict some options.

Comma-Delimited Lists

There are two types of list filtering in Secret Server: the above mentioned list filtering, as well as the ability to assign a text or notes field on the secret as a comma-delimited list of server names. The former has the benefit of being shared between secrets, but the latter is useful as a one-off on a single secret. A comma-delimited list can be either an allow or a deny list.

Adding a New List Field

Task 1: Create the List

  1. Search for Categorized Lists. The Lists page appears.

  2. Select the Create List button. The Create List popup appears.

  3. Type the name in the Name text box.

  4. (Optional) Type a description in the Description text box.

  5. Click the Save button. The List detail page for the new list appears.

  6. Select the List Optionstab.

  7. If you want to create a list with no categories, choose Create Option from the dropdown.

  8. In the Parent Category field choose Uncategorized and Save:

  9. If you want to create categories from a comma-delimited list:

    1. Select the expand arrow next to the Create Option button.

    2. Choose Add from File.

    3. Choose a Category Separator, either a comma or a semi-colon.

    4. Upload a .csv file.

      The Import file can only be a .csv file and should be in the format of "option,category" with one pair per line. If no separator is found the entire row is considered to be the option:

  10. To create a category, select Create Category from the Create Option dropdown. The Create Category popup appears.

  11. Type in the Category name and click Save. The category name now appears in the category dropdown list. For this example, Manhattan was entered.

  12. Add another category the same way.

  13. Click Create Option. The Create Option popup appears.

  14. Type the name for the Option in the Option Name text box.

  15. From the Parent Category dropdown, select the category you just created, e.g. Manhattan.

  16. Click Save. The new option appears in the list with the option name you gave as the Value.

  17. Repeat the process for the other category you created. You now have a new categorized list available for secrets (via a secret template with the list).

    If you ever want to view past changes to a list or category, click the Audit tab for the list.

Editing Using the Side Menu

After creating an option it is possible to edit it in the List options tab:

  1. Click on one of the options you created.

  2. A sidebar appears where you can:

    1. Update Option: Rename the option.

    2. Move to Category: Move the option to another category in the same list.

    3. Delete Option: Remove the option from the category list.

Task 2: Create a Template Using the List

  1. Search for Secret Templates. The Secret Templates page appears.

  2. Select Create/Import Template. The Create Template pop up appears.

  3. Leave the option button set to New.

  4. Type in a name in the Template Name text box.

  5. Click Save. The General tab page for that new template appears.

  6. Select the Fields tab.

  7. Click Add Field. The Add Field popup appears.

    1. Type a name in the Name text box for the first (and currently only) field.

    2. The Field Slug Name automatically updates to match the name.

    3. (Optionally) add a description for the field.

    4. In the Data Type dropdown list, select List.

    5. Select Save. The new field appears in the table.

  8. Select the field you just created. Its configuration page appears.

  9. (Optional) Click the Edit button in the Template Field Details section to further customize the field:

Task 3: Create a Secret Based on the Template

  1. Select Secrets from the main menu.

  2. Click the Create secret button. The Create new secret popup appears.

  3. In the Choose a secret template list, select the secret template you created in Task 2.

  4. The Create New Secret popup updates to reflect your chosen template.

    Note that one of the dropdown lists is labeled with the same name as the list field you created earlier.

  5. Give the secret a name.

  6. For the list field you created, from the dropdown, select the name of the list of categories you created.

  7. Leave the Site set to Default.

  8. Select Save. The secret Overview tab loads automatically. Note that there is a new tab called List Fields.

If you add a List field into any Secret template, when creating a secret based on that template you are prompted to select one Categorized list. When you edit that secret, you'll now find a List fields tab on it, from where you'll be able to find every list field from the template, and have the option to add more categorized lists.
Please note that list fields are simply metadata. To use them for restricting targets, edit the secret template by modifying the appropriate launcher mapping so that user input is limited based on your specified list fields. Then, select the list field from the template fields.