Skip to content

SECRET SERVER FEATURE: Automatic password management

Core PAM Automation Increases Visibility, Control, and Oversight


Rule-based password generation

Secret Server’s password generation feature assigns strong passwords which are sufficiently long and complex to meet compliance and security policy requirements.

Secret Server allows you to set password requirements for different types of privileged accounts. In Secret Server’s template settings, you can require specific characters, password length, and complexity.

Combined with session launchers and copy-to-clipboard options, it’s perfectly feasible to use 100-character passwords while restricting visibility to the actual password altogether. This improves security by making passwords impossible to memorize and invisible to certain users. Additionally, the Password History feature allows you to keep a full record of all previous passwords.


Scheduled password-changing

Security best practices and compliance mandates require that privileged passwords be changed regularly — an easily overlooked task.

Secret Server includes out-of-the-box password-changing templates and makes it easy to automate privileged password changes on a schedule to meet compliance mandates. Secret Server’s built-in password changing and expiration schedules ensure that critical passwords are changed automatically, without manual intervention.

When privileged account passwords need to be changed ad hoc, such as when an admin leaves or abnormal behavior is identified, you can automate the process to protect sensitive assets right away.

Out-of-the-box password changers

Secret Server offers a wide range of pre-configured password changers for frequently used applications. Access the full list.

Password-Changing features, such as Check Out and Heartbeat work with these platforms, so you can provide additional security and verify that passwords are correct.



Secret Server password management software provides effective, up-to-the-minute monitoring of passwords and other credentials across your company network with Heartbeat.

Automatically test a Secret’s credentials at set intervals and alert administrators if credentials are changed outside of Secret Server. Heartbeat also tells you when an administrator changes a privileged password without your knowledge.


Secret policies

Secret Server gives you the ability to require that users who edit a secret must match password complexity rules. See this KnowledgeBase article for a walk-through of configuring password requirement rules for secrets.

This assists in migrating from legacy systems in which secrets may have weak passwords. For a quick analysis, built-in reports show you which secrets don’t have strong passwords.

Password changing for secrets occurs either upon a manual kick-off or when a secret expires. When that happens, Secret Server generates a new random password, connects to the target, and updates the account.

Secret policies can be set at the folder level so you can enforce separate policies for different IT systems or teams.


Email Alerts

Event Subscriptions are customizable alerts that send email notifications to users or administrators. They can be set up to alert you when specified actions are performed, or when an event occurs within the system.

Examples of Events

  • Unlimited Administration Mode toggle
  • Secret Edit/Add/View
  • Role and Group Assignment changes
  • Secret Expiration
  • Configuration changes
  • Heartbeat failure when the password is invalid

If/then automation

With Secret Server’s If/then Automation, common trigger events can initiate a series of automated follow-up actions, saving IT time so they can focus on alerts that need more investigation or complex response.

For example, if a privileged credential’s heartbeat fails, indicating a password has been changed outside of the central PAM solution, a triggered action can rotate that password automatically and bring control back into Secret Server.

Integration between Secret Server and other IT security systems can trigger automated incident response, for example, phishing or malware analysis.

Policies can apply triggered events to secrets, folders, or sets within folders in Secret Server. Secret Server administrators have tremendous flexibility to customize triggered events and follow-up actions, such as sending an email or running a script, to match their IT systems, policies, and workflows.

Start a Free 30-Day Trial of Secret Server