Delinea Secret Server

Why Delinea Secret Server?

71% of organizations have shared passwords without audit. Spreadsheets and text files with passwords are critical risks. Manual password rotation is impossible to maintain. No visibility into who, when, and what had access.

Delinea Secret Server is an enterprise password vault for privileged credentials. Automatic rotation eliminates stale passwords. Session recording provides complete audit trail. 150+ templates for fast onboarding.

How does it work?

Secure Vault

Encrypted credential storage:

• AES-256 encryption
• Hardware Security Module (HSM) support
• Multi-layer protection
• Disaster recovery
• High availability

Automatic Rotation

Hands-off password management:

• Schedule-based rotation
• On-demand rotation
• Heartbeat verification
• Rollback capability
• Custom rotation scripts

Access Control

Granular permissions:

• Role-Based Access Control
• Folder hierarchy
• Approval workflows
• Time-based access
• Emergency break-glass

Main features

Secret Management

• Store all credential types
• Organize in folders
• Tag and categorize
• Version history
• Custom fields

Workflow

• Request/approval process
• Check-in/check-out
• One-time passwords
• Comment requirements
• Dual authorization

Session Recording

• RDP session capture
• SSH session logging
• Keystroke recording
• Video playback
• Searchable metadata

Discovery

• Network scanning
• AD account discovery
• Service account identification
• Dependency mapping
• Privileged account detection

Supported Account Types

Category	Examples
Windows	Local admin, domain admin, service accounts
Linux/Unix	Root, sudo users, SSH keys
Database	SQL Server, Oracle, MySQL, PostgreSQL
Network	Cisco, Juniper, F5
Cloud	AWS IAM, Azure AD, GCP service accounts
Application	SAP, ServiceNow, custom apps

Deployment Options

SaaS (Secret Server Cloud):

• Azure-hosted
• Always updated
• Fast deployment
• Subscription model

On-Premises:

• Full control
• Air-gapped support
• SQL Server backend
• Perpetual licensing option

Who is it for?

• Enterprise with privileged credentials
• Organizations with audit/compliance requirements
• IT teams managing shared accounts
• Security teams implementing PAM

Benefits

For security: Encrypted vault, automatic rotation, session recording

For IT: 150+ templates, automation, reduced password resets

For compliance: Full audit trail, workflow approval, compliance reports

Specification

Encryption	AES-256
Templates	150+ account types
Recording	RDP, SSH, web
Deployment	SaaS, on-prem

FAQ

How many secrets can Secret Server store? Unlimited. Scaling depends on infrastructure. Enterprise clients have 100,000+ secrets.

How does automatic rotation work? Secret Server logs into target system and changes password according to policy. Heartbeat verifies success.

Can I integrate with Active Directory? Yes. AD authentication, AD groups for RBAC, AD account discovery.

What about session recording? Agent or proxy captures sessions. Video format with keystroke logging. Searchable metadata.

Does Secret Server support SSH keys? Yes. Stores private keys, automatic key rotation, SSH certificate management.

How does break-glass work for emergencies? Designated users can override approval workflow in emergency. Audit log captures all.

Is there a free version? Secret Server Free for max 10 users and 250 secrets. No advanced features.

What about DevOps integration? REST API, PowerShell SDK, Jenkins plugin, Azure DevOps extension, others.

Does Secret Server support multi-factor? Yes. TOTP, RADIUS, SAML, Duo, smart cards, FIDO2.

What about support? Delinea support for software. nFlo offers deployment, migration, and local support.