+1-202-802-9399 U.S. Headquarters

Thycotic’s CyberSecurity Publication


Get Credentials out of Code with Secret Server API

July 16th, 2013



A few years back, our engineers decided to solve a new password problem: Network credentials are not only used by people. Sometimes other programs need credentials to interact with the network too. Secret Server was already providing full audits of each user’s credential usage, why not create an API so programs could also use Secret Server for credential access?

Using scripts, Secret Server’s API allows third-party programs to access Secret Server programmatically. Secrets and Folders can be searched and retrieved, and new ones can be created. This not only provides a full audit trail of credential usage by third-party applications, but also improves security by getting credentials out of clear text within the application’s code.

Any developer can make use of Secret Server’s API for use in their scripts or to integrate with an existing software. It’s always great when companies use our APIs and share them with others. Here are a couple of examples:

Puppet Labs creates automation software for provisioning, maintaining infrastructure configurations, automating repetitive tasks and more. Steve Shipway, a Puppet Labs and Secret Server user, wrote a module for Puppet Labs that uses the Secret Server API to assist Puppet Labs’ configuration and provisioning tasks. The Secret Server API module for Puppet Labs is available online for free.

Devolutions’ Remote Desktop Manager provides a central location for managing remote connections, including Putty, RDP and Team Viewer. Through the Remote Desktop Manager integration with Secret Server, network admins can use their Windows Authentication credential to launch applications, providing greater network security.

Ready to start making your own third-party program integrations with Secret Server? Check out our KnowledgeBase for guidance.

Try Thycotic Secret Server Free for 30 Days

The following two tabs change content below.

3 thoughts on “Get Credentials out of Code with Secret Server API”

  1. I was looking into testing Puppet after a puppet workshop. Now as i read the integration and option to change passwords and local certificates then its time to make time 😉

    Comment by Jan Dijk on July 17, 2013 at 3:00 pm

  2. I’m a little concerned that the API requires user/pass authentication. Is there a method to use key-based auth for accessing the API? I want to create an integration with Chef to access Secret Server, and I would prefer to not have to store the user/password anywhere in my code, but rather utilize the key from the node attempting to access the API.

    Comment by Matt Stratton on February 18, 2016 at 3:47 pm

  3. Hey Matt! Thanks a lot for the comment! The Webservices API will only use username/password for authentication. The ability to use key-based authentication would be awesome and is a great feature request. I would recommend you adding it to our feedback.thycotic.com where everyone can vote on it. I hope this helps, but let me know if you have any other questions. Best, Jordan

    Comment by Jordan True on February 19, 2016 at 5:15 pm

Leave a Reply