Secret Server User Guide

This article provides further information using Secret Server.  For information on what is a Privileged Access Management System (PAM) or why Implement a Privileged Access Management System (PAM) review the help article General Information on Secret Server.  


When a secret is created, you can go to the security tab of that secret and enable the Approval feature which requires users to get approval before being able to access the secret. You can then define which users need to request approval, the workflow steps of the approval, and assign which users can grant approval. All approval requests are in the Inbox section for users assigned as approvers. Users can also request more time once their initial access is approved by an approver.

Uploaded Image (Thumbnail)

Why Implement a Privileged Access Management System (PAM)? 

With the growth of the cyber world there is a growth in cyber-attacks specifically account based attacks. If one administrative account is compromised an attacker could have access to shut down critical resources. This is why PAM is so pivotal in adding that extra layer of account security. PAM helps against: 

  • Lack of visibility and awareness of privileged users, elevated access, accounts, assets, and credentials 
  • Mismanagement of passwords  

Revoke approval 

To revoke a user's granted approval to a secret an assigned approver can go to into the inbox, click on the drop down of the pending review tab and click on the approval tab to see the history of approvals and revoke any active approvals. 

Uploaded Image (Thumbnail)

Check Out 

Along with the approval feature there is also the Check Out feature that can be found in the security tab of a secret and when enabled will require a user to check out a secret before they can access it. This allows only one user at a time to have access to that secret.  When enabling this feature, you can set a custom time of how long you would like a Check Out to last. A user can Check In a secret at any time once they checked it out. If both Approval and Check Out are enabled a user must gain approval from an approver before they have the option to check the secret out. 

Uploaded Image (Thumbnail)


Secret Deactivation  

To deactivate a secret, you no longer wish to use (If a secret needs to be erased, the administrator must erase the secret) Navigate to the dashboard where there is a list of secrets created. Check the box to the left of the secret. Once the box is checked, a message will pop up at the bottom of the dashboard with a button called Bulk Actions. A new menu box with pop up and there the deactivate button will be found. If you do not have permission to re-activate an account, contact the administrator.  

Technical Links 

Was this helpful?
0 reviews
Print Article


Article ID: 150350
Fri 3/17/23 8:00 PM
Mon 7/31/23 10:36 AM