Password Safe Features

Leverage a distributed network discovery engine to scan, identify, and profile all privileged accounts and assets. Benefit from smart automation to dynamically categorize accounts and assets, and appropriately auto-onboard.

Combine management of privileged passwords, DevOps secrets, workforce passwords, and privileged sessions in one solution. Control privileged accounts, secrets, applications, SSH keys, cloud admin accounts, RPA accounts, and more, with a searchable audit trail for compliance and forensics.

Manage privileged accounts and privileged passwords across all environments, including Windows, macOs, Unix, Linux, etc. Enforce password and account security best practices. Rotate privileged passwords on a schedule, based on sensitivity, or based on risks and other parameters.

Record privileged sessions in real time via a proxy session monitoring service for SSH and RDP. View any active privileged session, and, if required, pause or terminate the session.

Use keystroke indexing and full text search to pinpoint data, and then log an acknowledgement of the review for audit purposes. Build reports for usage, audit, forensics, and regulatory compliance purposes.

The product uses standard desktop tools such as PuTTY and Microsoft Terminal Services Client, ensuring administrators can leverage commonly used tools.

Identify and automatically eliminate hardcoded and embedded application credentials, to remove them as an attack vector. Replace hardcoded passwords with managed credentials, ensuring they always stay fresh and secure.

Extensive security controls lock down access to only authorized applications. The product also manages passwords for service accounts and other non-human / machine identities.

An extensible REST interface supports many languages, including C/C++, Perl .NET, and Java.

Securely manage credentials (API keys, Tokens, Certificates, JSON files, XML files, etc.) owned by cloud developers and DevOps. Secrets are managed through a graphical user interface and can be uploaded and retrieved using the GUI or by using the supplied API. Non-human or service tasks can make full use of the API to retrieve secrets they require to access resources. Teams desiring to use Kubernetes will benefit from BeyondTrust's unique secrets management using Kubernetes Sidecar, which simplifies the logic for connecting to and retrieving secrets from the secrets safe.

Improve SSH security and simplify management of SSH keys by onboarding, storing, and managing private keys like any other privileged credential.

Automatically log users onto Unix or Linux systems through the proxy, with no user exposure.

Record every privileged session with full playback and key usage auditing. Allow SSH sessions to be easily established via your existing desktop tools--without having to initiate with a web interface.

With Workforce Passwords, organizations can extend Password Safe capabilities further by securing business application passwords, gaining visibility of account activity, reducing the attack surface, and ensuring compliance. Preserve end-user efficiency and benefit from the best of user experience, combined with robust enterprise-level security and scalability, for employee application accounts.

Enable the dynamic assignment of just-in-time privileges via the Advanced Workflow Control engine.

Policies can be extended to block password access to designated resources. Exceptions can be defined to allow requests that originate from the corporate network, another approved source, or from approved vendors. This capability ensures users have the right access according to the context of their request, thereby minimizing opportunities for exploiting privileged credentials.

The Password Safe API is designed to address single sign-on shortcomings, simplify developer access, and offer secure credential management.