The Lockdown

Thycotic’s Cyber Security Blog

Importing Credentials into Secret Server

Written by Thycotic Team

August 28th, 2013

This blog post was originally written in 2013.  For the most up to date information on Secret Server, please visit:

Secret Server Features Page: Our features are among the reasons so many IT Admins and IT Security pros consider Secret Server the best Privileged Access Management software in the market.  Find information on the key features available in each version of Secret Server.

Getting Started Tutorial: Secret Server is a powerful solution with many facets. As such, we have created this guide, which is an introductory tutorial for new users. The tutorial suggests an order to learn topics and points to specific sections for more detail.  This tutorial is oriented toward system administrators and other technical professionals.

After installing Secret Server and thinking through your Folder and Permission structure, the next step is to import information into Secret Server.

Secret Server provides multiple tools to quickly import information into Secret Server, whether you are currently using sticky notes, Excel spreadsheets or a personal password tool such as KeePass. Secret Server can also automatically create the Secrets and manage passwords for your local Windows accounts and Windows service accounts through the Discovery Feature. In this post, we will focus on how to import Secrets from Excel spreadsheets and other personal password tools. Part Two will discuss how to set up Discovery to automatically import accounts and use the API to create Secrets.

Migration Tool Import

Secret Server has an Import Migration Tool that will allow you to pull information from KeePass, Password Safe and Password Corral. The Migration Tool generates a new Secret Template to match the fields native to the password tool. It will then generate a CSV with your information and upload it to the new Template. You can also have the Migration Tool use the folder structure from your existing password tool and bring that into Secret Server. Once Secrets are imported into Secret Server, they can have their templates converted using our Bulk Operations to make full use of Launchers and Password Changers. You can download the Migration Tool here, or you can find a link within your Secret Server by going to Tools>Import Secrets.

CSV Import

Secret Server supports importing from a CSV file for password tools that are not natively supported by the Migration Tool or for importing from Excel Spreadsheets. There are three ways to import manually from a CSV file.

Option 1:  Mimic what the Migration Tool does and create a new Secret Template to match the existing information fields. Import the entire file into the new template. Once the data is imported, convert Secret Templates manually to templates that match the information stored within.

Option 2:  Create separate CSV files before importing so that information is grouped by template type, such as one CSV for Active Directory Accounts, another for Windows Accounts, etc. Next, organize the fields to match existing templates within Secret Server. The easiest way to organize the fields is by using a spreadsheet editor. To see the fields that are used for a Template, navigate to Tools>Import Secrets and then select the template from the drop-down box. Note: the only required field during import is the Secret Name field.
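The Option 2 preparation step can also be scripted. The following is an added example, not part of the original post and not a Thycotic tool: it splits one mixed export into a CSV per template, rejects rows without a Secret Name, and writes the files owner-readable only because they hold plaintext passwords. The "Type" column, the field order per template, the output file names and the sample rows are assumptions made for illustration.

```python
import csv, io, os

# Assumed field order per template; copy the real order from Tools>Import Secrets.
TEMPLATE_FIELDS = {
    "Active Directory Account": ["Secret Name", "Domain", "Username", "Password", "Notes"],
    "Windows Account": ["Secret Name", "Machine", "Username", "Password", "Notes"],
}

# Constructed sample export: one mixed sheet with a hypothetical "Type" column.
SAMPLE = """Type,Secret Name,Domain,Machine,Username,Password,Notes
Active Directory Account,svc-backup,corp.example,,svc-backup,ExamplePw1!,Backup service
Windows Account,web01 admin,,web01,Administrator,ExamplePw2!,
Windows Account,,,db01,Administrator,ExamplePw3!,missing name
Router,core-rtr,,,admin,ExamplePw4!,no template mapped
"""

def split_by_template(source, type_column="Type"):
    """Group rows by template; return (groups, rejected) with source line numbers."""
    groups = {name: [] for name in TEMPLATE_FIELDS}
    rejected = []
    for line_no, row in enumerate(csv.DictReader(source), start=2):
        template = (row.get(type_column) or "").strip()
        name = (row.get("Secret Name") or "").strip()
        if template not in TEMPLATE_FIELDS:
            rejected.append((line_no, "no matching template"))
        elif not name:  # Secret Name is the only required field during import
            rejected.append((line_no, "Secret Name is empty"))
        else:  # values are copied untouched so passwords are never altered
            groups[template].append([row.get(f) or "" for f in TEMPLATE_FIELDS[template]])
    return groups, rejected

def write_import_files(groups, out_dir):
    """Write one CSV per template, mode 0600 on POSIX (files hold plaintext passwords)."""
    paths = []
    for template, rows in groups.items():
        if not rows:
            continue
        path = os.path.join(out_dir, template.replace(" ", "_") + ".csv")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w", newline="") as fh:
            writer = csv.writer(fh)
            writer.writerow(TEMPLATE_FIELDS[template])  # header kept for review
            writer.writerows(rows)
        paths.append(path)
    return paths

if __name__ == "__main__":
    groups, rejected = split_by_template(io.StringIO(SAMPLE))
    print({k: len(v) for k, v in groups.items()}, rejected)
```

Delete the source spreadsheet and the generated CSV files once the import has been verified, since both contain the passwords in clear text.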

XML Import

The final text-based method of importing Secrets is using our XML import. This is usually only done by advanced users and is generally used when re-building Secret Server from an XML export. The XML import can create Secret Templates and Folders, specify Secret permissions, and even set Dependencies on import. For an example XML file click here.

Importing accounts automatically with Discovery and creating and updating Secrets using our API

Above we discussed importing Secrets manually into Secret Server using our Migration Tool and the built-in CSV and XML imports. Now we’ll review how to automatically import credentials into Secret Server.

Discovery in Secret Server

Discovery is a major feature in Secret Server with two main functions:

  1. Scan your network for local Windows accounts and import them as Secrets. With Discovery Rules, this process can be automated to run on a schedule, and new accounts will be imported based on a set of parameters that you establish.
  2. Scan your network and pull in Windows services, attaching them as dependencies to current Secrets or creating new Secrets based on the particular account running the service.

How to Set Up Discovery

Setting up Discovery is simple.

  1. On the Administration>Discovery page, check the box enabling Discovery.
  2. Set the interval at which you want Discovery to scan the domain.
  3. Create a domain for Discovery to run against: on Administration>Discovery, click Edit Domains and then click Create New. Here you will enter the Fully Qualified Domain Name. Use an account that has access to all the machines you would like to discover and the ability to change the passwords for those accounts.
  4. Check the Enable Discovery box for the new domain and then click Save and Validate. Secret Server will confirm that it can reach your domain.

Once Discovery is turned on, it will start running scans throughout the network. This occurs in batches so as to not bog down your network.

Import Accounts using Discovery

  1. When the scans finish, click Discovery Network View on the Administration>Discovery page.
  2. You will see two tabs, one for local Windows accounts and another for service accounts. This page enables you to find the accounts you would like to import. It allows you to filter computers based on organizational unit (OU) and search for specific computers and accounts.
  3. Check the accounts you wish to import and click the import button. Secret Server will automatically create a Secret for each. You also have the option of changing the passwords for the accounts when the Secrets are created.

Using the API to Create Secrets

The final method of importing Secrets is to use our API to programmatically create the Secrets. The Secret Server API allows basic functions to be performed on Secrets, such as creating, deleting or modifying.

The API is especially useful when you have an existing script that already provisions accounts. Secret Server provides web service API calls that can be added to your existing script in order to create Secrets after your new accounts are provisioned.

After Secrets are imported, the API can also be used if you have third party applications that need credential access (i.e. the API can then be used to programmatically provide credentials stored in Secret Server). The API is also good for updating existing Secrets. For example, if your domain name has changed, you can use the API to quickly update all applicable Secrets to match the new domain.

Check out our Knowledge Base and API Guides located on the Secret Server technical support page for examples on how to utilize Secret Server’s API.
