Secret Store: Store and Access Secrets

Security > Secret Store in /appliance

Add Secret Store

Add and manage AWS secret stores, which hold the appliance's encryption keys and site data in AWS Secrets Manager.

Edit KMIP Secret Store in /appliance

Configuring a KMIP server as an encryption store is no longer supported as of version 6.0. If a KMIP server was configured for encryption before version 6.0, it is migrated to the Secret Store list, where you can edit, delete, and test it.

Security AWS Secret Store add key

To add a store, click Add Store, fill out the AWS secret store information, and then click Save Store.

Check the Rotate Access Key box only if no other system uses the same AWS credential: rotation replaces the access key, and any other system still using the old key will stop authenticating.

Security Added AWS Secret Store

After a secret store is added, click Test to verify that the appliance can reach AWS Secrets Manager, that the credentials authenticate, and that the IAM user has the permissions the store needs.

For added security, write the AWS Identity and Access Management (IAM) policy for the store's user so that it allows only the following Secrets Manager actions, and only on secrets whose names match BeyondTrust-* (as a resource ARN pattern, arn:aws:secretsmanager:<region>:<account>:secret:BeyondTrust-*):

  • secretsmanager:DescribeSecret
  • secretsmanager:GetSecretValue
  • secretsmanager:TagResource
  • secretsmanager:UntagResource
  • secretsmanager:CreateSecret
  • secretsmanager:DeleteSecret
  • secretsmanager:UpdateSecret

For more information on managing AWS IAM Policies, see Managing IAM Policies.
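The following is an added example, not BeyondTrust's or AWS's code, showing what the scoped policy above looks like as a document and why the resource pattern matters. It assumes the store is AWS Secrets Manager (the listed actions are secretsmanager: actions), that the appliance names its secrets with the BeyondTrust- prefix as stated above, and that Secrets Manager ARNs end in the secret name plus a hyphen and six random characters, which the trailing wildcard also covers. The is_allowed() evaluator is a deliberately simplified model of IAM action/resource matching for illustration; use the real IAM policy simulator to confirm a live policy. The account ID and secret names are constructed for the example.

```python
"""Least-privilege IAM policy for the appliance's AWS Secrets Manager store.

Added example (hypothetical helper names). Assumes: Secrets Manager as the
backing store, secrets named BeyondTrust-*, and a simplified IAM matching model.
"""
import json
from fnmatch import fnmatchcase

# The seven actions the page lists, namespaced to the Secrets Manager service.
APPLIANCE_ACTIONS = [
    "secretsmanager:DescribeSecret",
    "secretsmanager:GetSecretValue",
    "secretsmanager:TagResource",
    "secretsmanager:UntagResource",
    "secretsmanager:CreateSecret",
    "secretsmanager:DeleteSecret",
    "secretsmanager:UpdateSecret",
]


def secret_arn_pattern(region: str = "*", account: str = "*", prefix: str = "BeyondTrust-") -> str:
    """ARN pattern for secrets with the given name prefix.

    Secrets Manager ARNs look like
    arn:aws:secretsmanager:<region>:<account>:secret:<name>-<6 random chars>,
    so the trailing '*' after the prefix also absorbs the random suffix.
    """
    return f"arn:aws:secretsmanager:{region}:{account}:secret:{prefix}*"


def build_policy(region: str = "*", account: str = "*") -> dict:
    """Return the policy document as a dict; json.dumps() it to paste into IAM.

    Narrowing region and account (instead of '*') is recommended once they are known.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ApplianceSecretStore",
                "Effect": "Allow",
                "Action": APPLIANCE_ACTIONS,
                "Resource": secret_arn_pattern(region, account),
            }
        ],
    }


def _matches(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' matches any run of characters, '?' one.

    ARNs are case-sensitive in IAM; action names here are compared as written.
    """
    return fnmatchcase(value, pattern)


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified IAM evaluation: explicit Deny wins, any matching Allow grants,
    otherwise implicit deny. Conditions and NotAction/NotResource are not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        hit = any(_matches(a, action) for a in actions) and any(_matches(r, resource) for r in resources)
        if not hit:
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    # Constructed sample account and secret ARNs.
    policy = build_policy("us-east-1", "123456789012")
    print(json.dumps(policy, indent=2))
    appliance_secret = "arn:aws:secretsmanager:us-east-1:123456789012:secret:BeyondTrust-site-key-AbCdEf"
    other_secret = "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-password-XyZ123"
    for act, arn in [("secretsmanager:GetSecretValue", appliance_secret),
                     ("secretsmanager:GetSecretValue", other_secret),
                     ("secretsmanager:ListSecrets", appliance_secret)]:
        print(f"{act} on {arn.rsplit(':', 1)[1]}: {'ALLOW' if is_allowed(policy, act, arn) else 'DENY'}")
```

The policy grants nothing outside the BeyondTrust- prefix, so a compromised appliance credential cannot read other secrets in the account, and actions the store does not need (ListSecrets, for example) stay denied. Because ARN matching is case-sensitive, the prefix in the policy must match the secret names the appliance actually creates.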

If you delete the last remote store, a message displays indicating that the secrets it held will be moved back to local storage on the appliance.