Secret Server from Thycotic is a mighty, web-based password management tool that allows you to securely store all critical passwords in a central database.
When I started with system administration (must have been a century ago), one of the biggest sins was writing down passwords. Those times are long gone. The number of passwords each of us uses has skyrocketed, and a password is only secure if it can't be easily memorized. Thus, nowadays, it is commonplace that passwords are stored in a secure place.
It is a Sisyphean challenge for every IT department of a certain size to keep track of which admins have access to certain management passwords and to change passwords regularly without locking out admins. Have you ever come back from a vacation and realized that you can no longer log on to your servers?
With Secret Server, you ensure that passwords are changed regularly and that every admin always has access to the latest passwords. You can configure either intervals or specific dates when a certain password expires. Admins can be informed automatically by email once a password has been changed. Then they only have to log on to Secret Server to get access to the latest passwords.
Thycotic prefers the term "secrets" to "passwords" because you can store all kinds of additional information with Secret Server. The free password management software offers quite a few templates that allow you to create new secrets easily for a specific application type. Each template has different database fields that are useful for the corresponding secret.
For instance, there are templates for Active Directory accounts, Remote Desktop accounts, web passwords, and social security numbers. You can also create your own templates, which enables you to store every kind of confidential information with Secret Server.
Secret Server is equipped to manage a huge number of passwords. You can organize passwords in folders, and you can restrict your search to the password type (template) and to the status of a password (active, deleted).
The powerful reporting features are not only useful for large organizations. In particular, the user auditing reports help you to improve security because you can see when and from where secrets have been accessed. You can also access the audit trail for a particular secret. For example, you can view when a certain password was changed or viewed.
Thycotic offers an online version of Secret Server, but I suppose most organizations will prefer to install the password management software in their own datacenter. Secret Server runs on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 and requires Microsoft SQL Server 2005 or 2008. Secrets are encrypted with AES 256, and the communication between browser and server is secured with SSL.
The main limitation of the free edition of Secret Server is that it only supports one user account. That means that all admins in your organization will have access to all passwords. The commercial edition allows you to configure different privileges for individual admins and groups. Other important features of the Professional edition are Active Directory integration and automatic password changing (Windows accounts, UNIX accounts, database passwords, Cisco devices).
I only scratched the surface of this powerful password management software. I didn't cover the mobile apps (iPhone, BlackBerry), automatic logins, custom encryption keys (DoubleLock) and other cool features. When I played with the online password manager version, I missed quite a few of Secret Server's important functions. Only when someone from Thycotic presented the tool to me in an online demo did I get an idea of the extent of Secret Server's capabilities.