Thycotic Secret Server Key
Service Name: Thycotic Secret Server
Service Description: Thycotic Secret Server is a privileged account management solution that helps organizations secure, manage, and audit privileged account access. It provides secure storage for sensitive credentials and secrets with role-based access controls.
Service Address: https://thycotic.com/products/secret-server/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Secret Server level through security settings and policies.
Secret Access Scope: Grants programmatic access to Thycotic Secret Server API, allowing management of secrets, folders, users, and other resources within the Secret Server instance.
Secret Revokement URL: https://docs.thycotic.com/ss/11.1.0/api-scripting/webservices/soap-command-api
Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZWNyZXRzZXJ2ZXIiLCJuYW1lIjoiQVBJIEtleSIsImlhdCI6MTUxNjIzOTAyMn0.L8i6g3PfcHlioHCCPURC9pmXT7gdJpx3kOVdwFDkJ
Suspicious Activity Investigation Instructions:
- Review Secret Server audit logs for unusual access patterns or unauthorized secret retrievals.
- Check for unexpected API calls or automation tasks using the API key.
- Monitor for changes to secret permissions or configurations.
- Verify if there are any unexpected IP addresses accessing the Secret Server API.
- Review any changes to secret policies or security settings.
Mitigation Instructions:
- Sign in to the Secret Server admin console.
- Go to Admin > Users.
- Locate the user associated with the API key.
- Select Edit for that user.
- Open the API Keys tab.
- Delete the compromised API key.
- Generate a new API key if needed.
- Update any legitimate applications or scripts with the new key.
- Consider implementing IP restrictions for API access.
- Review and adjust the permissions assigned to the API user account.