# Retrieve Secrets

{% hint style="info" %}
This feature is part of the Enterprise plan. If it is not enabled for your organization, please contact StrongDM at the [StrongDM Help Center](https://help.strongdm.com/hc/en-us).
{% endhint %}

Your organization may entitle you to directly retrieve (or validate or rotate) secrets, such as passwords or keys, from a secret store through the StrongDM Admin UI. This can be used for a variety of tasks, such as requesting and receiving temporary administrative access to applications that StrongDM doesn't manage, or to local admin accounts.

To view secrets that have been assigned to you, go to the **Access** > **Secrets** page in the StrongDM Admin UI. You will see a list of all secrets that you are eligible to interact with directly. Secrets appear in this list only if your permission level in your StrongDM organization allows it, or if an administrator-created policy entitles you (gives you access) to particular secrets.

The **Secrets** page displays a list of the secrets that you are able to interact with. You can see the **Name**, **Type**, **Secret Engine**, **Tags**, and an **Actions** menu for each.

| Property          | Description                                                                                                             | Example                     |
| ----------------- | ----------------------------------------------------------------------------------------------------------------------- | --------------------------- |
| **Name**          | Name given to the secret when it was created                                                                            | `TestUserCredentials`       |
| **Type**          | Type of secret; corresponds to the type of the secret engine used to manage the secret                                  | `Active Directory`          |
| **Secret Engine** | Name given to the secret engine when it was created                                                                     | `TestActiveDirectoryEngine` |
| **Tags**          | Tags given to the secret by administrators                                                                              | `exampletag`                |
| **Actions**       | Actions available for you to perform on this secret; possible actions are **Retrieve**, **Rotate**, and/or **Validate** | N/A                         |

### Actions

#### Rotate

The **Rotate** action rotates the secret, changing its password to one generated according to the configuration that administrators set on the secret engine. The process rotates the secret both in the actual service or resource (such as Active Directory or a MySQL server) and in the backing secret store. The secret store copy is the one that can be retrieved through StrongDM. It is also the credential that can be used for authenticating user traffic to resources through StrongDM. Messages in the bottom right corner of the UI indicate whether the rotation succeeded or failed.

#### Retrieve

When **Retrieve** is selected, a modal window shows the details of the secret. Sensitive fields are masked and can be either directly copied or revealed to view.

![](/files/9k0AhgJcgxzJ3tUwXWv7)

#### Validate

The **Validate** action uses the secret engine to compare the copy of the credential in the secret store with the copy on the service or resource. A message will indicate whether validation was successful (the values are the same) or not (the values are different). If the validation fails, rotating the secret may resolve the discrepancy.

### Interact With Secrets Via the CLI

You can also use the StrongDM CLI to interact with secrets. An authenticated user or service account can use the following commands:

| Command                                                                                                       | Description                                           |
| ------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- |
| [**sdm managedsecrets list**](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli/managedsecrets/list)         | List your managed secrets                             |
| [**sdm managedsecrets show**](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli/managedsecrets/show)         | Show details of managed secret without sensitive data |
| [**sdm managedsecrets retrieve**](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli/managedsecrets/retrieve) | Show details of managed secret with sensitive data    |
| [**sdm managedsecrets rotate**](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli/managedsecrets/rotate)     | Rotate managed secret                                 |
| [**sdm managedsecrets validate**](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli/managedsecrets/validate) | Show whether a managed secret is currently valid      |

### Further Reading

For administrator information on managing secrets with StrongDM Vault and secret engines, or storing resource access credentials in secret stores, see the following sections:

{% content-ref url="/spaces/F7eka9SH5TT8nJm2ZfWj/pages/NWPsEbeItP8PYe6Qqw4d" %}
[StrongDM Vault](/admin/secrets.md)
{% endcontent-ref %}

{% content-ref url="/spaces/F7eka9SH5TT8nJm2ZfWj/pages/5BoqOgvGDZyh24dEGQqi" %}
[Secret Stores](/admin/access/secret-stores.md)
{% endcontent-ref %}


