Application servers across different platforms often have passwords embedded in source code and configuration files.
The Secret Server Application Server API allows these passwords to be eliminated.
With this feature, scripts and applications can authenticate and run securely without a hardcoded password. The Application Server API is set up using a user in Secret Server, but that user's password is changed automatically and is hardware-specific, so duplicating the JAR file will not give other machines access. An admin can then decide which Secrets are accessible to each application server.
Security in the Application Server API
- No password stored – The credentials to Secret Server are calculated based on the hardware of the machine and encrypted files, so the password is not known by anyone.
- Tied to hardware – Copying the files to another machine will not work when trying to access Secret Server.
- Obfuscation – The Application Server API is obfuscated to make reversing the encryption more difficult.
- Automatic change – The API user's password is changed automatically whenever the local account password expires (the expiration interval is set in the configuration settings).
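To make the "no password stored" and "tied to hardware" properties concrete, here is an added illustration (not the Application Server API's own code, and not a description of its actual algorithm): a credential is sealed under a key derived from a fingerprint of the machine's hardware attributes plus a per-file salt, so the same encrypted file copied to a second machine cannot be opened. The hardware attributes (machine id, MAC, disk serial) and the toy HMAC-based stream cipher are constructed for the example; a production implementation would use a platform secure element or TPM and a standard AEAD.

```python
"""Illustration of a hardware-bound credential file (constructed example).

The sealed credential can only be recovered on the machine whose hardware
fingerprint it was bound to; the same blob on another machine fails the
integrity check. This is an educational sketch, not the product's algorithm.
"""
import hashlib
import hmac
import os

SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def hardware_fingerprint(attributes: dict) -> bytes:
    """Hash stable hardware attributes into a 32-byte fingerprint.

    `attributes` is a constructed stand-in for values read from the OS
    (machine id, primary MAC, disk serial); sorting makes the hash stable.
    """
    material = "|".join(f"{k}={attributes[k]}" for k in sorted(attributes))
    return hashlib.sha256(material.encode("utf-8")).digest()


def derive_key(fingerprint: bytes, salt: bytes) -> bytes:
    """Derive a 32-byte file key from the fingerprint and a per-file salt."""
    return hashlib.pbkdf2_hmac("sha256", fingerprint, salt, 100_000, dklen=32)


def _subkeys(key: bytes) -> tuple:
    """Split the file key into separate encryption and MAC keys."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from HMAC-SHA256 (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(credential: bytes, attributes: dict) -> bytes:
    """Encrypt and authenticate `credential` bound to this machine's hardware."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = _subkeys(derive_key(hardware_fingerprint(attributes), salt))
    stream = _keystream(enc_key, nonce, len(credential))
    ciphertext = bytes(a ^ b for a, b in zip(credential, stream))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def unseal(blob: bytes, attributes: dict) -> bytes:
    """Recover the credential; raises ValueError on a different machine."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_key(hardware_fingerprint(attributes), salt))
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    # Constant-time compare: a wrong fingerprint yields a wrong MAC key, so the
    # tag never matches and no plaintext is released.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("credential file is not bound to this hardware (or was tampered with)")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


# Constructed hardware profiles for two application servers.
SERVER_A = {"machine_id": "a1b2c3d4", "mac": "00:11:22:33:44:55", "disk_serial": "WD-0001"}
SERVER_B = {"machine_id": "f9e8d7c6", "mac": "66:77:88:99:aa:bb", "disk_serial": "WD-0002"}


def demo(credential: bytes = b"api-user:example-placeholder-password") -> dict:
    """Seal on server A, then try to open the same file on A and on a copy on B."""
    blob = seal(credential, SERVER_A)
    recovered_on_original = unseal(blob, SERVER_A) == credential
    try:
        unseal(blob, SERVER_B)
        recovered_on_copy = True
    except ValueError:
        recovered_on_copy = False
    return {"recovered_on_original": recovered_on_original,
            "recovered_on_copy": recovered_on_copy}


if __name__ == "__main__":
    print(demo())
```

Running the demo shows the file opening on the machine that produced it and failing the integrity check when copied elsewhere. The remaining gap, which the obfuscation bullet above addresses, is that the fingerprint inputs are readable by anyone with code execution on the original machine; binding to hardware raises the cost of copying, it does not replace access control on the host.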