Conventions for Naming Secrets
When first adding Secrets to your Secret Server account, one of your questions might be, “What should I name my Secrets?” This is a great question and one that we recommend thinking about for any new Secret Server customer. Secret names should be descriptive, but should not reveal any sensitive data. An option for Administrators to ensure Secrets are easily identifiable in Reports and in searches is to use naming requirements. For example, UserNameDeviceName. Whatever naming convention you choose, it will simplify your experience in the long-term.
Once you create a name convention, you will want to be able to enforce the naming requirements. Secret Server can use Regex to validate a Secret name upon creation. This will ensure that Secret names will match a desired pattern. Naming patterns are assigned by Secret Template.
For this example, we’ll walk you through the steps set naming rules for a Secret Template by using the Windows Server 2008 R2 Local Admin Account Template. First, visit Administration > Secret Templates. Next, select the Windows Account and click Edit. The current Template configuration and fields will appear, and then you will want to click Change. Now, you can enter Regex. For this example, we want all Secrets using this Template to be named the following: admincomputername-PC
To enforce our chosen naming pattern we will use the following Regex: ^adminw+-PC$
Now you can set the Error Message that will appear when users attempt to create a Secret using a name that does not match your chosen pattern. In this case, we’ll have the error message say “Secret Name must be admincomputerName-PC”
Latest posts by Josh (see all)
- Streamline Compliance with your Internal Security Policy by using Secret Server - March 4, 2014
- Is Your Hash Being Passed? - February 25, 2014
- Sneak Peek: New Secret Server features only at RSA Conference 2014 - February 20, 2014
2 thoughts on “Conventions for Naming Secrets”
Challenge is that initial naming convention setup…
Any feedback on that?
Hey Luc, setting up the initial naming convention is always a challenge! This is generally pretty unique to companies for what makes the most sense to them. The most common set up we see is machineusername or domainusername. Our biggest tip is to keep it consistent! I hope this helps, but let me know if you have any other questions!