Configure and Use Secrets Safe

The Secrets Safe feature minimizes the risk of unauthorized access to secrets. It allows you to securely store secrets owned by developers and small groups in a controlled environment that you can audit. Secrets Safe supports 3 different types of secrets: credential, file, and text. Password Safe administrators can assign groups in BeyondInsight to teams, in which each team has its own isolated store where users can secure secrets used within that team. The creator of the secret becomes the owner and can assign ownership of the secret to the entire team or one or more individual members. Password Safe administrators and secret owners can manage secret ownership, edit secrets, and delete secrets, while team members may only view and retrieve secrets. Team members can create a folder structure to organize their secrets. Secrets can be found and accessed easily using search and filtering options.

Assign the Secrets Safe Feature to a Group

Access to Secrets Safe is granted to users by assigning permissions for the Secrets Safe feature to a group in which the users are members.

  1. In BeyondInsight, go to Configuration > Role Based Access > User Management.
  2. Click the vertical ellipsis for the group you want to assign the Secrets Safe feature to, and then select View Group Details.

Assign Permissions for the Secrets Safe Feature to a Group

  3. From the Group Details pane, select Features.
  4. From the Features pane, select the Secrets Safe feature.

You can filter the list of features by All Features or Disabled Features, and Feature Name to quickly locate the Secrets Safe feature.

  5. Click Assign Permissions, and then select Assign Permissions Read Only.

Group listed as a team on the Secrets Safe page.

  6. Users who are members of the group are granted access to the Secrets Safe page, where the group is listed as a parent level folder representing the team.

The Secrets Safe feature cannot be removed from a group if secrets are still contained within the team.

Create a Secret in Secrets Safe

Users can create secrets in the parent folder for any of their teams or in any of their team's subfolders. The user who creates the secret is its owner by default but may change ownership when creating the secret or after the secret has been created. Owners may move a secret to a different folder after it has been created.

  1. From the left menu, click Secrets Safe.

Add Secret in Secrets Safe

  2. From the Folders pane, select a folder, and then click Add Secret above the grid.
  3. Select your secret type: Add Credential, Add File, or Add Text, and then fill out the form for each type as detailed in the steps below.

Add Credential

  1. Enter a Title, Description, and Username.
  2. Set the password:
    • Select Manual Input to manually enter a password.
    • Select Auto Generate and select a Password Policy from the list to have the password created based on the defined policy. Click Generate Password.
  3. Add a note if you require additional information to display for this credential other than its description. You can add Notes as a column when viewing the list of credentials in the grid, and you can also filter the list by Notes.
  4. Click Manage Ownership if you wish to assign ownership to individual team members or to the entire team.
  5. Click Create Secret.

Add File

  1. Enter a Title and Description.
  2. Drag the file into the Upload File box or click the box to select a file to upload.
  3. Click Manage Ownership if you wish to assign ownership to individual team members or to the entire team.
  4. Click Create Secret.

There are no restrictions on file type; however, files must be 5MB or less.

Add Text

  1. Enter a Title and Description.
  2. Enter the body of the text.
  3. Add a note if you require additional information to display for this credential other than its description. You can add Notes as a column when viewing the list of credentials in the grid, and you can also filter the list by Notes.
  4. Click Manage Ownership if you wish to assign ownership to individual team members or to the entire team.
  5. Click Create Secret.

Manage Folders in Secrets Safe

Users can organize their team secrets into subfolders under the parent team folder to make locating a secret more efficient.

  1. From the left menu, click Secrets Safe.

Create New Folder in Secrets Safe

  2. To create a new folder, select the parent folder or one of its subfolders, and then click Create New Folder.
  3. Enter a name for the folder, and then click Create Folder.

Edit or Delete Folder

  4. To edit a folder name or to delete a folder, expand the parent folder, click the vertical ellipsis for a subfolder, and then select Edit Folder or Delete.

You cannot edit the name of a parent folder or delete parent folders. Only subfolders may be deleted. Also, if you do not own all of the secrets in a subfolder, you are not able to delete it.

For more information on how to move a secret to a new subfolder, please see Edit and Delete a Secret in Secrets Safe.

View and Copy a Secret in Secrets Safe

Users can view details for their team's secrets, such as who owns the secret, when the secret was created and modified, and the folder path for the secret. Users can also copy the username and password for a team secret so they may use it.

  1. From the left menu, click Secrets Safe.
  2. From the Folders pane, select a folder.
  3. From the Secrets grid, click the vertical ellipsis for the secret.

Secrets Safe Credential Options Menu

  4. Each secret type, as indicated by its Type icon, has specific actions available from the options menu, as follows:
    • For credential secrets, you can Copy Username, Copy Password, and Copy Notes.
    • For file secrets, you can Download File and Copy Notes.
    • For text secrets, you can Copy Text and Copy Notes.
  5. To view the details for any secret, select View Details from the menu.

View the details of a Secrets Safe Secret

    • While viewing the details for a credential secret type, you can:
      • Click the applicable copy icons to copy the username, password, notes, and folder path.
      • Click the eye icon to show the password.
    • While viewing the details for a file secret type, you can:
      • Click the download icon to download the file.
      • Click the applicable copy icons to copy the notes and folder path.
    • While viewing the details for a text secret type, you can:
      • Click the applicable copy icons to copy the text body, notes, and folder path.

Edit and Delete a Secret in Secrets Safe

Secret owners can edit the properties and manage ownership for secrets they own, as well as delete secrets they own. Password Safe administrators can edit the properties, manage ownership, and delete all secrets in Secrets Safe.

  1. From the left menu, click Secrets Safe.
  2. From the Folders pane, select a folder, and then select a secret.

Menu options for a credential secret

  3. Click the vertical ellipsis for the secret.
  4. To delete a secret, select Delete Secret, and then click Delete on the confirmation message.
  5. To edit a secret, select Edit Secret.

Edit a Secrets Safe Secret

  6. Modify the properties for the secret as required. To manage the ownership of the secret, click Manage Ownership.

  7. Enable the Assign Ownership to Entire Team option to assign all members of the team as owners of the secret. When new members are added to the team, they are automatically assigned as owners of the secret. Alternatively, select individual team members as owners.
  8. Click Apply Ownership Settings.

  9. Click Update Secrets once you have made your edits.
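
The ownership rules described on this page, modelled as an added example for access reviews. It is not BeyondTrust code and does not use the product's API; it shows how Assign Ownership to Entire Team makes edit and delete rights follow group membership. All class, function, and sample names are hypothetical. Assumptions: owners must be current team members, administrators are modelled only for the edit, delete, and ownership actions the page states, and nested folders are matched by path prefix.

```python
from dataclasses import dataclass, field

MANAGE = {"edit", "delete", "manage_ownership"}   # owner/administrator actions
READ = {"view", "retrieve"}                        # any team member

@dataclass
class Team:
    name: str                                      # also the parent folder name
    members: set = field(default_factory=set)      # users in the BeyondInsight group

@dataclass
class Secret:
    title: str
    folder: str                                    # e.g. "DevOps/db"
    owners: set = field(default_factory=set)       # individually assigned owners
    team_owned: bool = False                       # Assign Ownership to Entire Team

def is_owner(user, secret, team):
    # Team-wide ownership follows current membership, so a user added to the
    # group later becomes an owner without anyone touching the secret.
    return user in team.members and (secret.team_owned or user in secret.owners)

def allowed(user, action, secret, team, admins=frozenset()):
    if action in MANAGE and user in admins:        # Password Safe administrators
        return True
    if action in READ:
        return user in team.members                # each team's store is isolated
    return action in MANAGE and is_owner(user, secret, team)

def can_delete_folder(user, folder, secrets, team):
    # Parent (team) folders can never be deleted; a subfolder only by a user
    # who owns every secret in it. Prefix matching for nesting is an assumption.
    if folder == team.name or user not in team.members:
        return False
    inside = [s for s in secrets if (s.folder + "/").startswith(folder + "/")]
    return all(is_owner(user, s, team) for s in inside)

def rights_gained_on_join(user, secrets, team):
    """Secrets a prospective member could edit or delete once added to the group."""
    joined = Team(team.name, team.members | {user})
    return sorted(s.title for s in secrets if allowed(user, "delete", s, joined))

# Constructed sample data, not taken from any real deployment.
TEAM = Team("DevOps", {"alice", "bob"})
SECRETS = [
    Secret("db-root", "DevOps/db", owners={"alice"}),
    Secret("ci-token", "DevOps/ci", team_owned=True),
]
```

Calling `rights_gained_on_join` before adding a user to the group lists the team-owned secrets that user will be able to edit or delete as soon as they join.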