Delinea Documentation - Secret Server - 11.1.0

Secret Server: 11.1.000006 Release Notes

Release dates:

January 11, 2022 (On-Premises)

January 15 2022 (Cloud)

Important: If you installed Secret Server as your default or top-level website and you have Privilege Manager (PM) and Secret Server installed together, you may experience the following issues after upgrading to .NET Framework 4.8:

If you believe this scenario applies to you, please contact Delinea Support before performing a .NET, Secret Server, or PM upgrade.

New Features and Enhancements

Master Encryption Key Rotation

Secret Server can now generate new master encryption keys via a rotation process. Previously, the master encryption key was generated at installation and rotation was not possible.

This feature is at Admin > Configuration on the Security tab in the Master Encryption Key Rotation section.

Note: Secret encryption uses a different key, and the independent secret key rotation is still available.

SSH Jumpbox Route Support

SSH jumpbox routes allow SSH terminal and proxy to connect through one or more jumpbox servers in line to a final connection when launching from that target server's secret. An SSH jumpbox, a type of bastion host, is a regular Linux server, accessible from the Internet, that is a gateway to other Linux machines on a private network using the SSH protocol.

Note: Bastion means a projecting part of a fortification. Bastion hosts are hardened and monitored servers that reside outside of an organization's security zone, usually exposed to the internet. SSH jumpboxes are also called bastion hosts, jump hosts, jump boxes, or jump servers. All jumpboxes are bastion hosts, but all bastion hosts are not necessarily jumpboxes.

RDP Clipboard and Drive Mapping

Gives the owner of a secret control of the RDP clipboard and drive mapping settings, restricting users from using their alternative settings. This provides administrators enforcement control over secrets and users’ RDP launcher settings.

Checkout Time Indicator

There is now an indicator within secret details that shows the remaining time on a checkout and can extend the checkout if required. The indicator is color coded and counts down in days, hours, or minutes.

Click the timer for an option to extend the checkout if this is enabled. The setting to enable checkout extension is at Admin > Configuration on the General tab. Enable the "Enable Secret Check Out Extension" check box after clicking the Edit button.

Enhanced Diagnostic and Logging Functionality

The logging level of Secret Server web nodes and distributed engines are now centrally configurable and collectable. This feature is especially useful for large systems with many nodes and engines.

Configuration for the web nodes is found on the Server Nodes configuration page, alongside role settings. Configuration for distributed engines is found in the Distributed Engine configuration page. Log levels include: All, Debug, Info, Warn, Error, Off, and Not Set (the default). Previously, manual configuration file changes were required. “Not Set” relies on the configuration files for the logging level, which was the previous default behavior.

The diagnostic feature for collecting logs is improved and now gathers logs from all nodes and engines. This feature is at Admin > Diagnostics.

API Automatic Checkout

There are now automatic check in and check out parameters for secret API calls that can check in and out, leave comments, and force check in. The parameters are:

This functionality is currently available on the following endpoints:




Bug Fixes

Access Requests and Secret Workflows


Alerts, Auditing, and Logs

Authentication, Login, and Directory Services


Encryption, Passwords, and Certificates

Event Subscriptions and Pipelines


Fixed an issue where folder owners cannot move secrets to a folder if the owner does not have access to the folder's parent folder.


Heartbeat, Distributed Engines, and RPC

Installation, Upgrade, and Uninstall



Remote Access and Proxies


Secret Server Cloud

Fixed an issue where secret key rotation could trigger database growth when used with KMS key protection.

Secrets, Policies, and Templates

Session Recording


Users and Groups


Fixed an issue where switching languages would display the incorrect OEM logo and product name in the classic UI.

Web Password Filler


Future and Recent Deprecations

Note: This section describes planned future deprecation of feature or platform support in Secret Server.