Requirements: Roles and Settings

Roles and Features

The Password Safe user running the Secrets Cache must have at least one managed account Smart Rule configured with the requestor or requestor/approver role, and must also have the Secrets Safe feature assigned.

ISA Role

The Secrets Cache does not currently support ISA-based password requests; therefore, it’s important to ensure the user running the cache does not have the ISA role defined for any managed account Smart Rules.

Access Policy

Auto Approval

Create Schedule in an Access Policy with Policy Type set to View Password and Auto Approve.

The managed account Smart Rule configured with the requestor or requestor/approver roles must have an access policy assigned that has View Password access set to Auto Approve.


Daily Recurrence - Multi-day Checkouts

Create Schedule in an Access Policy with daily recurrence set to allow multi-day checkout of accounts.

If the access policy is configured for Daily recurrence, ensure Allow multi-day checkous of accounts is enabled.


Managed Account Settings

Enable for API Access

Ensure this option is enabled for managed accounts that will be cached.

Default Release Duration

The Default Release Duration is used to determine how long account credentials are cached before being renewed.

Concurrent Requests

If the managed accounts configured to be cached will also be used by other Password Safe users at the same time, concurrent requests should be set to zero (0 denotes unlimited) or a value greater than one. Requests performed by the Secrets Cache count as a request.

Supported Operating Systems

  • Windows Server 2012 R2 and above releases
  • RHEL 64 bit version 7 or higher

Supported APIs

  • POST Auth/SignAppIn
  • POST Auth/Signout
  • GET Requests
  • POST Requests
  • POST Aliases/{aliasId}/Requests
  • GET Credentials/{requestId}
  • GET Aliases/{aliasId}/Credentials/{requestId}
  • GET ManagedAccounts
  • GET ManagedAccounts?systemName={systemName}&accountName={accountName}
  • GET Aliases
  • GET Secrets-Safe/Secrets/{secretId}/file/download
  • GET Secrets-Safe/Secrets/{secretId}
  • GET Secrets-Safe/Secrets

For details on each method, please see the BeyondInsight and Password Safe API Guide.