Secret Store: Store and Access Secrets in Privileged Remote Access Cloud

Security > Secret Store Header


Add Secret Store in /appliance

Create and manage secret keys stored in AWS to securely store encryption keys and site data. To add a secret store, select the store from the dropdown, and then click Add Store. Provide and save the information for the store as shown in the steps below.


Add an AWS Secret Store in /appliance.

Add AWS Secret Store

  1. Provide the Access Key ID, Secret Access Key, and Region.
  2. Check the Rotate Access Key box only if you are not using any of the same IAM user's credentials in any other system.
  3. Click Save Store.
  4. It is also necessary for any firewall to allow outbound traffic to the IP addresses associated with the region endpoint used for the secret store.

IP addresses may change. Please see the current list of IP addresses at AWS IP address ranges.

For the list of endpoints, please see AWS Secrets Manager endpoints and quotas.




For added security, configure your AWS Identity and Access Management (IAM) Policy to limit access to resources matching BeyondTrust-* on the following permissions:
  • DescribeSecret
  • GetSecretValue
  • TagResource
  • UntagResource
  • CreateSecret
  • DeleteSecret
  • UpdateSecret

For more information on managing AWS IAM Policies, see Managing IAM Policies.

If you delete the last remote store, a message displays indicating secrets will be moved locally.