Secrets Vault

You can use PrivX to securely store and delegate access to secret data. PrivX secrets are under the Secrets page. On this page you can add and edit secrets. You can also search secrets by their name.

Adding Secrets

To add a secret:

  1. In the PrivX GUI, go to the Secrets page and click Add Secret.

  2. Define the following for the secret:

    • A unique Name.
    • Roles that shall have Read access and/or Write access.
    • The Secret type. This controls what content can be entered in Secret data.
    • Secret data.
  3. Click Save to save the secret.

By default, the only Secret type is JSON. For more information about defining additional Secret types, see Custom Secret Types.

Accessing Secrets

You can provide read and/or write permissions to secrets per role. To do this, specify roles in Read Access and/or Write Access when adding or editing secrets.

For using secrets vault for scripted access, see API-Client Integration

Custom Secret Types

You can define your own Secret types. This offers the following benefits:

  • When creating secrets, the PrivX GUI offers a form for filling in values, which may be more intuitive than typing raw JSON.
  • Support masking sensitive data; users can copy custom-secret values without exposing the actual values.
  • Control the structure of secret data.
[Figure: Custom secret types provide a form for providing secret data.]

[Figure: Custom secret types allow you to Copy individual values.]

To define secret types:

  • Access the PrivX GUI with settings-view and settings-manage permissions. Go to the Administration→Settings→Secrets Vault page and Edit the Secret schemas JSON setting.

The Secret schemas JSON is an array in which you can define multiple secret types:

[
    {
        "name": "secret_type_1",
        "title": "Credentials1",
        "properties": []
    },
    {
        "name": "secret_type_2",
        "title": "Credentials2",
        "properties": []
    },
    ...
]

Each secret type must specify the following attributes:

  • name: ID string of the secret type. Must be unique within the system.
  • title: Human-readable title for the secret type. This will be displayed in the GUI.
  • properties: Array of property objects. Each property represents a secret field (such as a user name, password, and so on). Each property supports the following attributes:
    • name: ID string of the field.
    • title: Human-readable title for the field. This will be displayed in the GUI.
    • masked: If true, the field input is masked. We recommend enabling this for password fields. Optional, defaults to false.
    • wide: If true, the input field will take up the entire width of the form. Optional, defaults to false.
    • multiline: If true, the input field will span multiple lines. Optional, defaults to false.
    • monospace: If true, the input field will use a monospace font. Optional, defaults to false.

For example, to create the custom secret type shown in previous images:

[
    {
        "name": "credentials",
        "title": "Credentials",
        "properties": [
            {
                "name": "user",
                "title": "Username"
            },
            {
                "name": "pass",
                "title": "Password",
                "masked": true
            },
            {
                "name": "comment",
                "title": "Comment",
                "wide": true,
                "multiline": true
            }
        ]
    }
]
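The schema rules above (required name, title and properties; system-wide unique type names; boolean optional flags; masked fields) can be checked before pasting a schema into the Secret schemas JSON setting. The following is an added example, not PrivX code: it validates a schema array and, for a given type, redacts masked fields from a secret's data so values such as passwords are not shown or logged; the sample schema is constructed here and reuses the "credentials" type from above plus a deliberately broken duplicate.

```python
import json

REQUIRED_TYPE_KEYS = {"name", "title", "properties"}
OPTIONAL_FLAGS = {"masked", "wide", "multiline", "monospace"}  # all default to false


def validate_secret_schemas(schemas):
    """Return a list of problems; an empty list means the schema array is acceptable."""
    if not isinstance(schemas, list):
        return ["top level must be a JSON array of secret types"]
    errors, seen_types = [], set()
    for i, stype in enumerate(schemas):
        where = f"type[{i}]"
        missing = REQUIRED_TYPE_KEYS - set(stype) if isinstance(stype, dict) else REQUIRED_TYPE_KEYS
        if missing:
            errors.append(f"{where}: missing {sorted(missing)}")
            continue
        if stype["name"] in seen_types:  # name is the system-wide unique ID of the type
            errors.append(f"{where}: duplicate type name {stype['name']!r}")
        seen_types.add(stype["name"])
        for j, prop in enumerate(stype["properties"]):
            pwhere = f"{where}.properties[{j}]"
            if not isinstance(prop, dict) or not {"name", "title"} <= set(prop):
                errors.append(f"{pwhere}: name and title are required")
                continue
            for flag in OPTIONAL_FLAGS & set(prop):  # optional flags must be JSON booleans
                if not isinstance(prop[flag], bool):
                    errors.append(f"{pwhere}: {flag} must be true or false")
    return errors


def redact_for_display(stype, data):
    """Copy of a secret's data with every masked field replaced by '****'."""
    masked = {p["name"] for p in stype["properties"] if p.get("masked") is True}
    return {k: ("****" if k in masked else v) for k, v in data.items()}


# Constructed sample: the "credentials" type from the page plus a broken duplicate.
SCHEMAS = json.loads("""[
  {"name": "credentials", "title": "Credentials", "properties": [
    {"name": "user", "title": "Username"},
    {"name": "pass", "title": "Password", "masked": true},
    {"name": "comment", "title": "Comment", "wide": true, "multiline": true}]},
  {"name": "credentials", "title": "Broken", "properties": [
    {"name": "token", "title": "Token", "masked": "yes"}]}
]""")
```

Running validate_secret_schemas(SCHEMAS) reports the duplicate type name and the non-boolean masked flag; the first type alone validates cleanly.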

Role Permissions for Secrets

The role permissions for managing secrets are:

  • vault-add: Allows the user to add secrets.

  • vault-manage: Allows the user to add and delete secrets, modify secrets' metadata, modify secrets' contents, list secrets, and view secrets' metadata.
