Secret Store: Store and Access Secrets in Privileged Remote Access Cloud
Create and manage AWS secret keys to securely store encryption keys and site data.
Configuring a KMIP server for an encryption store is no longer supported in version 6.0. If you have a KMIP server configured for your encryption prior to version 6.0, your KMIP server will be migrated to the Secret Store list where you may edit, delete, and test it.
To add a store, click Add Store, fill out the AWS secret store information, and then click Save Store.
Check the Rotate Access Key box only if you are not using the credential in any other system.
After a secret store is added, click Test to verify connectivity to the AWS server, ensure that the correct permissions are in place for the user account, and confirm that the credentials can access the AWS server.
For added security, configure your AWS Identity and Access Management (IAM) Policy to limit access to resources matching BeyondTrust-* on the following permissions:
For more information on managing AWS IAM Policies, see https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage.html.
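One way to check that an IAM policy follows the resource scoping recommended above, as an added example (not BeyondTrust or AWS code): the script lists every Allow statement whose resources reach beyond names starting with BeyondTrust-. The sample policy, its account ID, and the Secrets Manager action names are constructed assumptions and are not the permission list from this page.

```python
import json
import re

PREFIX = "BeyondTrust-"  # naming pattern the page recommends scoping to

# Constructed sample policy. Account ID, Sids and action names are
# illustrative assumptions, not the permission list from the product docs.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Scoped", "Effect": "Allow",
   "Action": ["secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue"],
   "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:BeyondTrust-*"},
  {"Sid": "TooBroad", "Effect": "Allow",
   "Action": "secretsmanager:GetSecretValue", "Resource": "*"},
  {"Sid": "Mixed", "Effect": "Allow",
   "Action": "secretsmanager:DescribeSecret",
   "Resource": ["arn:aws:secretsmanager:*:111122223333:secret:BeyondTrust-pra-*",
                "arn:aws:secretsmanager:*:111122223333:secret:*"]}
]}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def resource_name(arn):
    """Return the resource name from an ARN, without its type prefix."""
    fields = arn.split(":", 5)
    if len(fields) != 6:
        return arn  # "*" or a malformed value
    return re.split(r"[:/]", fields[5], maxsplit=1)[-1]

def unscoped_resources(policy):
    """List (Sid, resource) pairs where an Allow reaches beyond BeyondTrust-*."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        if "NotResource" in stmt:  # inverted match cannot be prefix-scoped
            findings.append((sid, "NotResource"))
            continue
        for arn in as_list(stmt.get("Resource", "*")):
            if not resource_name(arn).startswith(PREFIX):
                findings.append((sid, arn))
    return findings

if __name__ == "__main__":
    for sid, resource in unscoped_resources(SAMPLE_POLICY):
        print(f"{sid}: not limited to {PREFIX}*: {resource}")
```

An empty result means every Allow statement in the policy is limited to resources whose names begin with BeyondTrust-.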
If you delete the last remote store, a message displays indicating secrets will be moved locally.