Phone Number +1-202-802-9399 (US)

Secret Server Feature: AES 256 Encryption

Secure privileged accounts
with strong encryption

Secret Server password management software uses the Advanced Encryption Standard for encrypting sensitive data.

What’s the challenge?

Too often shared passwords are stored in clear text in custom databases, spreadsheets, or shared documents. These are easy targets for attackers to overcome and not sufficient for many compliance requirements.

Why it’s important

Privileged accounts represent some of your most sensitive data. Make sure they are properly protected using advanced encryption standards.

How this feature solves it

AES 256 bit encryption is the strongest encryption available for password management software, which when combined with our other security features like an HSM or DoubleLock, provides unsurpassed security for sensitive enterprise passwords.

In addition to at rest encryption of Secret data, Secret Server can also be used with SQL Server Transparent Data Encryption (TDE) for further data protection. SSL/TLS can be enforced on all connections to ensure end-to-end encryption.

TRY IT FREE FOR 30 DAYS. It’s fast to install and easy to use!
Start your free trial of Secret Server using the trial form.

Additional Information

Encryption Key Per Installation
Secret Server generates a unique encryption key during installation. This key is encrypted and kept in the encryption.config file or managed by an HSM. The combination of this file and your Secret Server database allows you to reconstitute your system at any point. So back up your encryption.config file and your database! In fact, you may as well back up your Secret Server application folder and the database for easy moving or restoring of the application.

Login Password Protection
Secret Server hashes and salts local user passwords using a randomly generated salt and the PBKDF2-HMAC-SHA256 hashing algorithm. Active Directory logins authenticate directly against the domain and their passwords are not stored in the Secret Server database.

Tighten user authentication security even further with these built in options:

  • Restrict logins to trusted IP Addresses
  • Set the number of login failures before a user is marked as inactive.
  • Require CAPTCHA on login.
  • Enforce login policy agreement before sign in.
  • Enforce two factor authentication using RADIUS, Google Authentication, or Duo Security.

How secure is AES 256 bit encryption?
Advanced Encryption Standard is the strongest encryption there is. Governments, the military and banks use 256 bit encryption to protect highly sensitive information; universities use it protect privileged student data; the healthcare industry uses it to keep patients’ medical records secure. Today, organizations worldwide look to advanced data encryption standards to protect themselves from hackers and cyber crime.

As you’re interested in advanced encryption techniques…check out the range of security and compliance solutions Secret Server provides for organizations that need to meet industry security standards.

Try Secret Server for 30 Days

  • Free Enterprise level support
  • Choose your preferred deployment option
  • The easiest PAM Solution you’ll ever use
Choose your deployment option:
By completing this form you are opting into emails from Thycotic. You can unsubscribe at any time.

See comprehensive feature list