Secrets are the main entities of ANT PAM. A Secret is an object that stores the required data. The scope of the stored data is defined at the Secret template level. A Secret can be shared with other users or groups of users. Permissions to access the Secret can be set in the desired range. Stored Secrets are displayed in a folder structure. Every user has their own personal folder.


For related privileges, see the Privileges and Permissions chapter.


Available actions in the list of Secrets:

  • Create Secret: create a new Secret.
  • Display detail [ click on the row ]: open the drawer with the detail of the Secret.
  • Search secrets: searches Secret names and Secret fields that are marked as searchable. The results are displayed in a separate tab.


Available actions for Secrets in the context menu:

  • Copy secret link: get the direct link to the Secret and save it to the clipboard.
  • Move secret: move the Secret from one folder to another.
  • Toggle favourite: mark the Secret as a favourite; the Secret will be available in the Favourites tab.
  • Duplicate secret: duplicate the chosen Secret; creates a new Secret with the same name and the timestamp of duplication.
  • Migrate secret: migrate the Secret from the current template to a new template.
  • Disable secret: for active Secrets, set the status to inactive.
  • Enable secret: for inactive Secrets, set the status to active.


Available actions for Secrets on the detail of the Secret:

  • Modify secret: modify the Secret.
  • Copy secret field value to clipboard: get the value of the field and save it to the clipboard.
  • Display secret field history: display the history of the Secret field.
  • View password value: view the password (only for users with OWN or VIEW_PASSWORD permission).
  • NATO phonetic transcription: display the value of the password in NATO phonetic transcription.


Available actions for Secrets on the Launchers tab:

  • Run Launcher [ option in context menu ]: run the joined launcher and use stored credentials (based on the configuration of the launcher).
  • Create connection [ option in context menu ]: create a connection from the Secret level.
  • Open application [ option in context menu ]: only for F5 type launchers; link to the application bound via the Launcher.
  • View launcher [ option in context menu ]: redirect the user to the Launchers section and display the detail of the launcher. The option is available for users with the privilege to see the Launchers section.


Available actions for Secrets on the Sharing permissions tab:

  • Edit permissions [ option in context menu ]: open the form to adjust permissions on the Secret.

For better understanding, see the example on the Permissions page.


Available actions for Secrets on the Logs tab:

  • Open log in the full page [ option in context menu ]: open a tab with a brief overview of activities done with the object. Using the context menu, the user can open the log in a more detailed view.




Create Secret

  1. Click on the Secrets tab to display the Secrets section.
  2. The personal root folder is opened and its content is displayed.
  3. Choose the folder where the new Secret should be created and placed, and press the CREATE button on the right side of the page.
  4. The modal window for Secret creation will be displayed.
  5. Enter the Name of the new Secret, optionally a Description, and choose the Secret template.
       • Note: the template serves as the basis for each Secret. It defines the list and parameters of fields that can be specified within the Secret.
  6. The full list of Secret parameters will be displayed (based on the configuration of the Secret template).
  7. Fill in the fields (at least the mandatory fields).
  8. Choose whether the permissions should be inherited from the parent folder or specified as custom permissions, and press CREATE.
       • Note: by checking Custom permissions, the displayed permissions are unlocked and can be modified as needed.
  9. The new Secret is created and displayed in the folder. The detail of the new Secret will be opened in the drawer.




Modify Secret

  1. Find the Secret in the folder structure and click on the row.
  2. The drawer with the detail of the Secret will be opened.
  3. Press the EDIT button on the top right side of the drawer.
  4. The Update secret modal will be opened and all parameters of the Secret will be available to adjust.
       • Note: the availability of the fields is driven by the configuration of each field in the Secret template.
  5. For security reasons, the Password value is not visible. It can be changed: click on the lock button and insert the new value. The password generator can also be used; in this case the password will be generated based on the configuration of the Password policy linked to the Secret template.
  6. Press the UPDATE button to save the changes.




Move Secret

  1. Find the Secret in the folder structure, click on the context menu and select the MOVE SECRET option.

     Rules for moving Secrets:

       1. it is possible to move a Secret only to folders where the user has OWN or CREATE_SECRET permissions
       2. it is possible to move only Secrets where the user has WRITE & PERM_WRITE or OWN permissions
       3. it is possible to move a Secret from the personal folder structure to shared folders
       4. it is not possible to move Secrets from shared folders to personal folders

  2. The modal window for the move Secret function is opened.

  3. Set whether the permissions for the Secret being moved should be inherited from the target folder, or whether the Secret should retain its current permissions. If existing permissions are to be retained, custom permissions will be saved.

       • permissions will be inherited from the target folder
       • the current permissions will be kept

     The target folder can be selected in two ways:

       1. by searching for the name of the folder; the search displays folders where the user has the relevant permission
       2. by selecting the folder in the folder tree

  4. Select the target folder from the folders list.

  5. Press the CONFIRM button. The moved folder will be opened and located within the target folder.
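
The four rules for moving Secrets, written out as a check that can be used to build an access-review test matrix. This is an added example, not ANT PAM's own code: the Folder and Secret classes, their field names and the sample data are assumptions constructed for illustration, and a move between two folders of the same kind is assumed to be allowed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Folder:                      # hypothetical model, not an ANT PAM type
    name: str
    shared: bool                   # False = personal folder structure
    user_perms: frozenset          # caller's permissions on the folder

@dataclass(frozen=True)
class Secret:                      # hypothetical model, not an ANT PAM type
    name: str
    folder: Folder                 # folder the Secret currently lives in
    user_perms: frozenset          # caller's permissions on the Secret

def move_denials(secret, target):
    """Return the violated move rules; an empty list means the move is allowed."""
    denied = []
    # Rule 1: the target folder requires OWN or CREATE_SECRET.
    if not {"OWN", "CREATE_SECRET"} & target.user_perms:
        denied.append("rule 1: need OWN or CREATE_SECRET on target folder")
    # Rule 2: the Secret requires OWN, or WRITE and PERM_WRITE together.
    perms = secret.user_perms
    if "OWN" not in perms and not {"WRITE", "PERM_WRITE"} <= perms:
        denied.append("rule 2: need OWN or WRITE & PERM_WRITE on Secret")
    # Rules 3 and 4: personal -> shared is allowed, shared -> personal is not.
    if secret.folder.shared and not target.shared:
        denied.append("rule 4: shared -> personal move is not possible")
    return denied

# Constructed sample data: one user's view of three shared folders and a personal one.
PERSONAL = Folder("personal-root", False, frozenset({"OWN"}))
TEAM = Folder("team-db", True, frozenset({"CREATE_SECRET"}))
OPS = Folder("ops", True, frozenset({"OWN"}))
AUDIT = Folder("audit", True, frozenset({"READ"}))
OWNED = Secret("db-admin", PERSONAL, frozenset({"OWN"}))
WRITE_ONLY = Secret("svc-account", TEAM, frozenset({"READ", "WRITE"}))
DELEGATED = Secret("api-key", TEAM, frozenset({"WRITE", "PERM_WRITE"}))

if __name__ == "__main__":
    for secret, target in [(OWNED, TEAM), (OWNED, AUDIT), (WRITE_ONLY, OPS),
                           (DELEGATED, PERSONAL), (WRITE_ONLY, AUDIT)]:
        result = move_denials(secret, target) or ["allowed"]
        print(f"{secret.name} -> {target.name}: {'; '.join(result)}")
```

WRITE without PERM_WRITE fails rule 2 even when the target folder is fully owned, which is the case most easily missed when reviewing who can relocate a Secret.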




Duplicate Secret

  1. Find the Secret in the folder structure, click on the context menu and select the DUPLICATE SECRET option.

     Rules for duplicating Secrets:

       • the minimal permission to duplicate a Secret is READ on the Secret being duplicated and CREATE_SECRET on the folder.

  2. The modal window for the duplicate Secret function is opened.

  5. According to the user's permissions, the relevant fields will be available to be adjusted for the new Secret.

       • Note: a user with READ permission can change the Name, Description and all non-sensitive secret fields. A user with WRITE permission can also edit sensitive fields and the password.

  6. Adjust all available values and press the DUPLICATE button.

  7. The new Secret will be created and its detail will be opened in the drawer.




Migrate Secret

  1. Find the Secret in the folder structure, click on the context menu and select the MIGRATE SECRET option.

     Rules for migrating Secrets:

       • the minimal permission to migrate a Secret is OWN on the Secret.

  2. The modal window for the migrate Secret function is opened.

  3. Select the new template and specify how to map fields from the current template to fields in the new template. The mapping means that the values of fields in the current template will be migrated to the mapped fields in the new template (including history).

     It is also possible to set the [Insert new value] option and fill in a new value for the secret field.

  4. If the new template has a binding to the same Launcher as the current template, the new template will be transferred within the existing Connection. If the new template doesn't have a binding to a Launcher or contains bindings to other Launchers, Connections created based on the current template will be disabled.

  5. When the form is completed, press the MIGRATE button and the Secret and affected Connections will be migrated (or disabled).





Create Connection

  1. Find the Secret in the folder structure and click on the row.
  2. The drawer with the detail of the Secret will be opened.
  3. Open the Launchers tab, select the launcher which should be used for the connection and choose the CREATE CONNECTION option from the context menu.
  4. The Create new connection form will be opened.
  5. Fill in the Name, optionally a Description, and select the connection folder where the new Connection should be created.
  6. Adjust the variables needed for the correct run of the prefilled Launcher. Possible options are:
       1. Define value: in case the connection should use one specific value only
       2. Ask later: in case the connection will use different values in the variable; the launcher will ask for the value during its execution.
  7. Press the CREATE button to save the connection.
  8. The user will be redirected to the Connections section and the specific connection folder, and the newly created connection will be displayed.




Edit permissions

  1. Find the Secret in the folder structure and click on the row.
  2. The drawer with the detail of the Secret will be opened.
  3. Open the Sharing permissions tab to display the permissions defined on the Secret.
  4. Press the EDIT button on the top right side of the tab.
  5. A new tab with the defined set of permissions will be displayed.
  6. The user can decide whether the permissions will be inherited (taken from the folder) or custom (defined manually).
  7. If Custom permissions should be configured, switch the Custom permissions button.
  8. That part of the form will be activated, and the existing set of permissions can be edited or a new set defined.
  9. Search for a User by username or for a Group and define the permission for the Secret. The list of permissions is available in the Permissions chapter.
  10. Press the UPDATE button to save and apply the new permissions.




Search the ANT PAM

  1. Open the Secrets section of ANT PAM, enter the text into the Search value field and press Enter to start the search.
  2. The results are displayed in a separate tab, Search results, which will appear in the tabs section. Which Secrets can be viewed depends on the user's permissions.
  3. After the search field is reset, the Search results tab is closed.