The Lockdown

Thycotic’s Cyber Security Blog

Conventions for Naming Secrets

Written by Thycotic Team

July 9th, 2013

When first adding Secrets to your Secret Server account, one of your questions might be, “What should I name my Secrets?” This is a great question and one that we recommend every new Secret Server customer think about. Secret names should be descriptive, but should not reveal any sensitive data. One way for Administrators to keep Secrets easily identifiable in Reports and in searches is to use naming requirements, for example UserNameDeviceName. Whatever naming convention you choose, it will simplify your experience in the long term.

Once you create a naming convention, you will want to be able to enforce it. Secret Server can use Regex to validate a Secret name upon creation. This ensures that Secret names match the desired pattern. Naming patterns are assigned by Secret Template.

For this example, we’ll walk you through the steps to set naming rules for a Secret Template by using the Windows Server 2008 R2 Local Admin Account Template. First, visit Administration > Secret Templates. Next, select the Windows Account and click Edit. The current Template configuration and fields will appear, and then you will want to click Change. Now, you can enter Regex. For this example, we want all Secrets using this Template to be named the following: admincomputername-PC

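To enforce our chosen naming pattern we will use the following Regex: ^admin\w+-PC$

Here \w+ stands for the computer name (one or more letters, digits or underscores), and the ^ and $ anchors require the whole Secret name to match.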

Now you can set the Error Message that will appear when users attempt to create a Secret using a name that does not match your chosen pattern. In this case, we’ll have the error message say “Secret Name must be admincomputerName-PC”
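One way to try the pattern against candidate names before assigning it to a Template, as an added example that is not part of the original post or of Secret Server. It uses Python's re module and assumes that ^admin\w+-PC$ behaves the same there as in Secret Server for this simple case; the sample names and function names are constructed for illustration.

```python
import re

# Pattern from the post: "admin", one or more word characters, then "-PC".
NAMING_PATTERN = r"^admin\w+-PC$"

# Constructed sample names (not from any real Secret Server instance).
SAMPLE_NAMES = [
    "adminWEB01-PC",       # follows the convention
    "admin_db_2-PC",       # \w also allows digits and underscores
    "admin-PC",            # computer name missing: \w+ needs one character
    "AdminWEB01-PC",       # wrong case: matching is case-sensitive here
    "adminSQL-01-PC",      # hyphen inside the computer name is not a \w character
    "xadminWEB01-PC-old",  # extra text before and after the pattern
    "adminWEB01-PC\n",     # trailing newline, e.g. from a pasted value
]

def check_name(name, pattern=NAMING_PATTERN):
    """Return None when the name complies, otherwise a short reason."""
    if name != name.strip():
        return "leading or trailing whitespace"
    # fullmatch requires the whole string to match; with re.search, "$" would
    # still accept a name that ends in a newline.
    if re.fullmatch(pattern, name) is None:
        return "does not match " + pattern
    return None

def audit_names(names, pattern=NAMING_PATTERN):
    """Map every non-compliant name to the reason it was rejected."""
    report = {}
    for name in names:
        reason = check_name(name, pattern)
        if reason is not None:
            report[name] = reason
    return report

def unanchored_accepts(names, pattern=NAMING_PATTERN):
    """Names that would slip through if the ^ and $ anchors were dropped."""
    loose = pattern.strip("^$")
    return [n for n in names if re.search(loose, n) and check_name(n, pattern)]

if __name__ == "__main__":
    for name, reason in audit_names(SAMPLE_NAMES).items():
        print(f"{name!r}: {reason}")
    print("accepted without anchors:", unanchored_accepts(SAMPLE_NAMES))
```

The rejected adminSQL-01-PC case is worth noticing before rollout: if your computer names contain hyphens, \w+ will not accept them and the pattern needs adjusting.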
