Skip to content

Thycotic Secret Server Key

Service Name: Thycotic Secret Server

Service Description: Thycotic Secret Server is a privileged account management solution that helps organizations secure, manage, and audit privileged account access. It provides secure storage for sensitive credentials and secrets with role-based access controls.

Service Address: https://thycotic.com/products/secret-server/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Secret Server level through security settings and policies.

Secret Access Scope: Grants programmatic access to Thycotic Secret Server API, allowing management of secrets, folders, users, and other resources within the Secret Server instance.

Secret Revokement URL: https://docs.thycotic.com/ss/11.1.0/api-scripting/webservices/soap-command-api

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZWNyZXRzZXJ2ZXIiLCJuYW1lIjoiQVBJIEtleSIsImlhdCI6MTUxNjIzOTAyMn0.L8i6g3PfcHlioHCCPURC9pmXT7gdJpx3kOVdwFDkJ

Suspicious Activity Investigation Instructions:

  • Review Secret Server audit logs for unusual access patterns or unauthorized secret retrievals.
  • Check for unexpected API calls or automation tasks using the API key.
  • Monitor for changes to secret permissions or configurations.
  • Verify if there are any unexpected IP addresses accessing the Secret Server API.
  • Review any changes to secret policies or security settings.

Mitigation Instructions:

  • Sign in to the Secret Server admin console.
  • Go to Admin > Users.
  • Locate the user associated with the API key.
  • Select Edit for that user.
  • Open the API Keys tab.
  • Delete the compromised API key.
  • Generate a new API key if needed.
  • Update any legitimate applications or scripts with the new key.
  • Consider implementing IP restrictions for API access.
  • Review and adjust the permissions assigned to the API user account.