Eliminate embedded passwords with Secret Server’s Application Server API
Application servers
Application servers across different platforms often have passwords embedded in source code and configuration files.
Secret Server password management software has an Application Server API that allows these passwords to be eliminated.
With this feature, scripts and applications can authenticate and run securely without using a hard-coded password. You set up the Application Server API with a user in Secret Server, but that user’s password is changed automatically and is hardware-specific, so duplicating the JAR file will not give other machines access. You can then decide which Secrets are accessible by each application server.
Security in the Application Server API
No password stored – The credentials to Secret Server are calculated based on the hardware of the machine and encrypted files, so the password is not known by anyone.
Tied to hardware – Files copied to another machine will not work for accessing Secret Server.
Obfuscation – The Application Server API is obfuscated to make reversing the encryption more difficult.
Automatic change – When the local account password expires (based on configuration settings), it is changed automatically.