Application servers across different platforms often have passwords embedded in source code and configuration files.
Secret Server password management software has an Application Server API that allows these passwords to be eliminated.
With this feature scripts and applications can authenticate and run securely without using a hard-coded password. You set up the Application Server API using a user in Secret Server, but the user’s password is automatically changed and is hardware-specific so duplicating the JAR file will not allow other machines access. You can then decide which Secrets are accessible by each application server.
Check out Secret Server’s other user-friendly features, or start a free trial right now using the form on the right.
Also yours free: IT tools to help you save time and money while protecting your privileged account passwords.
Security in the Application Server API
- No password stored – The credentials to Secret Server are calculated based on the hardware of the machine and encrypted files, so the password is not known by anyone.
- Tied to hardware – Copying the files to another machine will not work when trying to access Secret Server.
- Obfuscation – The Application Server API is obfuscated to make reversing the encryption more difficult.
- Automatic change – Password expiration causes automatic change when the local account password expires (based on configuration settings).