Delinea Secret Server
Overview
Delinea Secret Server is a service for securely storing and accessing secrets, such as API keys, passwords, certificates, and cryptographic keys. This guide describes how to integrate Secret Server with StrongDM.
Secret store integrations allow you to use your existing third-party secret stores with StrongDM. Your credentials are stored in a service that is controlled by you, and those credentials are never transmitted to StrongDM in any form. If you would like to learn more about how the Secret Store integration works and why you might wish to use it, please read the Secret Stores Reference.
Prerequisites
The following items are required to integrate Secret Server with StrongDM:
StrongDM account with the Administrator permission level
Healthy StrongDM gateway or relay to allow authentication with Secret Server
Delinea Secret Server account set up with a user's username and password, and at least one secret to a resource
Correct path(s) to the secret(s) stored in Secret Server
Configuration
To integrate StrongDM with Delinea Secret Server, follow the steps in this section to set up your Secret Server account and secrets, configure your gateway or relay, and create the secret store in StrongDM.
Set up Secret Server account and secrets
Log in to your Secret Server account. For the purposes of this guide, we log in with the Local Login option.
Go to Administration > Users, Roles, Access > User Management.
Ensure that you have a user set up with which the StrongDM service can authenticate to Delinea. The user should have a username and password, which are the credentials needed to access secrets stored in Secret Server. Additionally, the user must have the Application Account option set to Yes in order for it to work with StrongDM.
Go to the Secrets section.
Ensure that you have an existing secret. If you do not, click Create Secret to add one.
Select a secret and notice the URL in your web browser's address bar. It should look similar to https://example.secretservercloud.com/app/#/secret/7/general, with a number value, such as 7. The number represents the key to the secret stored in Secret Server. Remember the URL for when you are done with configuration and want to connect to a StrongDM resource.
Configure your gateway or relay
To allow communication with Secret Server, StrongDM needs to know what credentials to use. You can configure your gateway or relay environment with properties as environment variables.
The following table shows the environment variables that Delinea supports. Add all required environment variables on your relay or gateway. For DELINEA_SERVER_URL and DELINEA_API_TENANT, you must set one but not both.
Open the environment file for editing. The default location is /etc/sysconfig/sdm-proxy for gateways and relays, or /etc/sysconfig/sdm-worker for proxy clusters.
Add or edit the following environment variables:
DELINEA_USERNAME (Required): The username of the Delinea Secret Server user account that is associated with the secrets stored in Secret Server
DELINEA_PASSWORD (Required): The password of the Delinea Secret Server user account that is associated with the secrets stored in Secret Server
DELINEA_SERVER_URL (Optional): The URL of the server where your secrets are stored (for example, https://example.com); only needed if you are using an on-premises version of Delinea or Thycotic, where you are not logged in to any Software as a Service (SaaS) but you are logged in to your own server; can be used if you did not already set the server address in the Admin UI when adding the secret store
DELINEA_API_TENANT (Optional): Your Secret Server tenant name, which is required if you did not already set the tenant name in the Admin UI when adding the secret store; can be found in your Secret Server URL (for example, in the Secret Server URL https://example.secretservercloud.com, the tenant name is example)
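An added example, not part of the StrongDM guide: a POSIX shell check for the environment file described above, covering the two required variables and the "one but not both" rule. The https:// and file-mode checks are hardening assumptions of this example, and the function names env_value and check_delinea_env are hypothetical.

```shell
#!/bin/sh
# Added example: static checks for the gateway/relay environment file.
# The file is parsed as KEY=VALUE text and never sourced, so nothing in it runs.

# Print the value of the last NAME=... assignment in FILE, without surrounding quotes.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# Print one line per finding; return 0 if there are no errors, 1 otherwise.
check_delinea_env() {
    file=$1
    errors=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 1; }

    # Both credentials are required.
    for name in DELINEA_USERNAME DELINEA_PASSWORD; do
        if [ -z "$(env_value "$file" "$name")" ]; then
            echo "ERROR: $name is missing or empty"
            errors=1
        fi
    done

    # Exactly one of the two may be set here; neither is only a warning
    # because the Admin UI can supply the server address or tenant name.
    url=$(env_value "$file" DELINEA_SERVER_URL)
    tenant=$(env_value "$file" DELINEA_API_TENANT)
    if [ -n "$url" ] && [ -n "$tenant" ]; then
        echo "ERROR: set DELINEA_SERVER_URL or DELINEA_API_TENANT, not both"
        errors=1
    elif [ -z "$url" ] && [ -z "$tenant" ]; then
        echo "WARN: no server URL or tenant set; the Admin UI must supply one"
    fi

    # Added hardening checks (assumptions of this example, not stated by the guide).
    case $url in
        ''|https://*) ;;
        *) echo "ERROR: DELINEA_SERVER_URL does not use https://"; errors=1 ;;
    esac
    mode=$(stat -c %a "$file")   # GNU stat; prints e.g. 600 or 644
    case $mode in
        *[4567]) echo "ERROR: $file is world-readable (mode $mode)"; errors=1 ;;
    esac
    return "$errors"
}
```

Load the functions into a shell on the gateway or relay and run check_delinea_env /etc/sysconfig/sdm-proxy (or the sdm-worker file on a proxy cluster) before restarting the service.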
Create a secret store in StrongDM
Log in to the StrongDM Admin UI.
Go to Settings > Secrets Management and to the Secret Stores tab.
Click Add secret store.
On the Add Secret Store form that displays, set all the required secret store properties.

Click Create secret store.
If you have configured the relay or gateway server correctly for Secret Server access and authorization, you can see the green online indicator.
Secret store properties
Display Name (Required): The name for this secret store integration that is displayed throughout StrongDM
Type (Required): The type of secret store; select Delinea Secret Server
Server Address (Optional): The URL of the server where your secrets are stored (for example, https://example.com) if using an on-premises version of Delinea or Thycotic; if you already set environment variables on your gateway or relay, the server address is the same property as the DELINEA_SERVER_URL environment variable; what you set in the Admin UI takes precedence over the environment variable
Tenant Name (Optional): Your Delinea Secret Server tenant name, which you can find in your Secret Server URL (for example, in the Secret Server URL https://example.secretservercloud.com, the tenant name is example); if you already set environment variables on your gateway or relay, the tenant name is the same property as the DELINEA_API_TENANT environment variable; what you set in the Admin UI takes precedence over the environment variable
Configuration is now complete.
Connect to a StrongDM Resource
Now that you have set up secret store integration, you can use the Delinea Secret Server secret store to connect to different StrongDM resources.
In the Admin UI, go to Infrastructure > Datasources.
Click Add datasource.
On the form that displays, set the properties for your database resource, including the secret store properties.
When all required fields are complete, click Create.
When the resource is ready, the Health icon indicates a positive, green status.
Delinea Secret Server properties
Secret Store: The type of secret store; select Delinea Secret Server
Username (path): The path to your secret key in the format <SECRET_URL_NUMBER>?key=<KEY>, where <SECRET_URL_NUMBER> is the number found in the URL of your secret, and where <KEY> is one of the parameters of the secret in the Delinea interface; for example, if your secret URL is https://example.secretservercloud.com/app/#/secret/7/general, and if you created the secret with the Username parameter set, you would enter 7?key=Username
Password (path): The path to your secret key in the format <SECRET_URL_NUMBER>?key=<KEY>, where <SECRET_URL_NUMBER> is the number found in the URL of your secret, and where <KEY> is one of the parameters of the secret in the Delinea interface; for example, if your secret URL is https://example.secretservercloud.com/app/#/secret/7/general, and if you created the secret with the Password parameter set, you would enter 7?key=Password