# Delinea Secret Server

{% hint style="info" %}
This feature is part of the Enterprise plan. If it is not enabled for your organization, please contact StrongDM at the [StrongDM Help Center](https://help.strongdm.com/hc/en-us).
{% endhint %}

### Overview

Delinea Secret Server is a service for securely storing and accessing secrets, such as API keys, passwords, certificates, and cryptographic keys. This guide describes how to integrate Secret Server with StrongDM.

Secret store integrations allow you to use your existing third-party secret stores with StrongDM. Your credentials are stored in a service that is controlled by you, and those credentials are never transmitted to StrongDM in any form. If you would like to learn more about how the Secret Store integration works and why you might wish to use it, please read the [Secret Stores Reference](https://docs.strongdm.com/admin/access/secret-stores).

### Prerequisites

The following items are required to integrate Secret Server with StrongDM:

* StrongDM account with the Administrator permission level
* Healthy StrongDM gateway or relay to allow authentication with Secret Server
* Delinea Secret Server account set up with a user's username and password, and at least one secret to a resource
* Correct path(s) to the secret(s) stored in Secret Server

### Configuration

To integrate StrongDM with Delinea Secret Server, follow the steps in this section to set up your Secret Server account and secrets, configure your gateway or relay, and create the secret store in StrongDM.

#### Set up Secret Server account and secrets

1. Log in to your Secret Server account. For the purposes of this guide, we log in with the **Local Login** option.
2. Go to **Administration** > **Users, Roles, Access** > **User Management**.
3. Ensure that you have a user set up with which the StrongDM service can authenticate to Delinea. The user should have a username and password, which are the credentials needed to access secrets stored in Secret Server. Additionally, the user must have the **Application Account** option set to **Yes** in order for it to work with StrongDM.
4. Go to the **Secrets** section.
5. Ensure that you have an existing secret. If you do not, click **Create Secret** to add one.
6. Select a secret and notice the URL in your web browser's address bar. It should look similar to `https://example.secretservercloud.com/app/#/secret/7/general`, with a number value, such as `7`. The number represents the key to the secret stored in Secret Server. Remember the URL for when you are done with configuration and want to [connect to a StrongDM resource](#connect-to-a-strongdm-resource).

#### Configure your gateway or relay

To allow communication with Secret Server, StrongDM needs to know what credentials to use. You provide them by setting properties as environment variables in your gateway or relay environment.

Open the environment file on your gateway or relay for editing. The default location is `/etc/sysconfig/sdm-proxy` for gateways and relays, or `/etc/sysconfig/sdm-worker` for proxy clusters. Add or edit the environment variables shown in the following table, which lists the environment variables that Delinea supports, and make sure that all required variables are set. For `DELINEA_SERVER_URL` and `DELINEA_API_TENANT`, you must set one but not both.

| Environment variable | Requirement | Description                                                                                                                                                                                                                                                                                                                                                                            |
| -------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `DELINEA_USERNAME`   | Required    | The username of the Delinea Secret Server user account that is associated with the secrets stored in Secret Server                                                                                                                                                                                                                                                                     |
| `DELINEA_PASSWORD`   | Required    | The password of the Delinea Secret Server user account that is associated with the secrets stored in Secret Server                                                                                                                                                                                                                                                                     |
| `DELINEA_SERVER_URL` | Optional    | The URL of the server where your secrets are stored (for example, `https://example.com`); only needed if you are using an on-premises version of Delinea or Thycotic, where you are not logged in to any Software as a Service (SaaS) but you are logged in to your own server; can be used if you did not already set the server address in the Admin UI when adding the secret store |
| `DELINEA_API_TENANT` | Optional    | Your Secret Server tenant name, which is required if you did not already set the tenant name in the Admin UI when adding the secret store; can be found in your Secret Server URL (for example, in the Secret Server URL `https://example.secretservercloud.com`, the tenant name is `example`)                                                                                        |

{% hint style="info" %}
For both `DELINEA_API_TENANT` and `DELINEA_SERVER_URL`, the properties set in the Admin UI take precedence over the environment variable. The environment variable is only used if the setting in the Admin UI is empty. See section [Create a secret store in StrongDM](#create-a-secret-store-in-strongdm).
{% endhint %}
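The following script is an added example, not StrongDM tooling: it lints an environment file against the rules above (both required variables present, `DELINEA_SERVER_URL` and `DELINEA_API_TENANT` not both set). The function names are hypothetical, and the `https://` and file-permission checks are extra hardening checks assumed here because the file holds a plaintext password.

```shell
#!/bin/sh
# Added example: lint a gateway/relay environment file for the Delinea
# variables in the table above. Function names are hypothetical.

# Print the last value assigned to variable $2 in file $1, quotes stripped.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if the file passes, otherwise the number of problems found.
check_delinea_env() {
    file=$1
    problems=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    for name in DELINEA_USERNAME DELINEA_PASSWORD; do
        if [ -z "$(env_value "$file" "$name")" ]; then
            echo "missing required variable: $name" >&2
            problems=$((problems + 1))
        fi
    done

    url=$(env_value "$file" DELINEA_SERVER_URL)
    tenant=$(env_value "$file" DELINEA_API_TENANT)
    if [ -n "$url" ] && [ -n "$tenant" ]; then
        echo "set DELINEA_SERVER_URL or DELINEA_API_TENANT, not both" >&2
        problems=$((problems + 1))
    elif [ -z "$url" ] && [ -z "$tenant" ]; then
        echo "note: neither is set; the Admin UI must supply one" >&2
    fi
    case $url in
        ''|https://*) ;;
        *) echo "DELINEA_SERVER_URL should use https://" >&2
           problems=$((problems + 1)) ;;
    esac

    # Assumed hardening check: the file contains a plaintext password,
    # so it should not be readable by "other".
    if [ -n "$(find "$file" -prune -perm -004 2>/dev/null)" ]; then
        echo "$file is world-readable; restrict it (for example chmod 600)" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Run it as `check_delinea_env /etc/sysconfig/sdm-proxy` after editing the file; the exit status is the number of problems found.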

#### Create a secret store in StrongDM

1. Log in to the StrongDM Admin UI.
2. Go to **Settings** > **Secrets Management** and open the **Secret Stores** tab.
3. Click **Add secret store**.
4. On the **Add Secret Store** form that displays, set all the required [secret store properties](#secret-store-properties).

![](https://4180056444-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FF7eka9SH5TT8nJm2ZfWj%2Fuploads%2Fgit-blob-638404a056b9a91772c4ab6306dd6fd04af576b5%2Fsecretstores-delinea.png?alt=media)

5. Click **Create secret store**.

If you have configured the relay or gateway server correctly for Secret Server access and authorization, you can see the green online indicator.

#### Secret store properties

| Property           | Requirement | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| ------------------ | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Display Name**   | Required    | The name for this secret store integration that is displayed throughout StrongDM                                                                                                                                                                                                                                                                                                                                                                                              |
| **Type**           | Required    | The type of secret store; select **Delinea Secret Server**                                                                                                                                                                                                                                                                                                                                                                                                                    |
| **Server Address** | Optional    | The URL of the server where your secrets are stored (for example, `https://example.com`) if using an on-premises version of Delinea or Thycotic; if you already set [environment variables on your gateway or relay](#configure-your-gateway-or-relay), the server address is the same property as the `DELINEA_SERVER_URL` environment variable; what you set in the Admin UI takes precedence over the environment variable                                                 |
| **Tenant Name**    | Optional    | Your Delinea Secret Server tenant name, which you can find in your Secret Server URL (for example, in the Secret Server URL `https://example.secretservercloud.com`, the tenant name is `example`); if you already set [environment variables on your gateway or relay](#configure-your-gateway-or-relay), the tenant name is the same property as the `DELINEA_API_TENANT` environment variable; what you set in the Admin UI takes precedence over the environment variable |

Configuration is now complete.

### Connect to a StrongDM Resource

Now that you have set up secret store integration, you can use the Delinea Secret Server secret store to connect to different StrongDM resources.

1. In the Admin UI, go to **Infrastructure > Datasources**.
2. Click **Add Resource**.
3. On the form that displays, set the properties for your database resource, including the [secret store properties](#secret-store-properties).
4. When all required fields are complete, click **Create**.

When the resource is ready, the **Health** icon indicates a positive, green status.

#### Delinea Secret Server properties

| Property            | Description                                                                                                                                                                                                                                                                                                                                                                                                                         |
| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Secret Store**    | The type of secret store; select **Delinea Secret Server**                                                                                                                                                                                                                                                                                                                                                                          |
| **Username (path)** | The path to your secret key in the format `<SECRET_URL_NUMBER>?key=<KEY>` where `<SECRET_URL_NUMBER>` is the number found in the URL of your secret, and where `<KEY>` is one of the parameters of the secret in the Delinea interface; for example, if your secret URL is `https://example.secretservercloud.com/app/#/secret/7/general`, and if you created the secret with the Username parameter set, you would enter `7?key=Username` |
| **Password (path)** | The path to your secret key in the format `<SECRET_URL_NUMBER>?key=<KEY>` where `<SECRET_URL_NUMBER>` is the number found in the URL of your secret, and where `<KEY>` is one of the parameters of the secret in the Delinea interface; for example, if your secret URL is `https://example.secretservercloud.com/app/#/secret/7/general`, and if you created the secret with the Password parameter set, you would enter `7?key=Password` |

