
A question came up recently about understanding how Secrets Safe activity would be audited, as access to the sessions isn't requested the same way as for Managed Accounts. After creating some notes about creating a safe and the logs that occur with my activity, I'm sharing them here if it's helpful for anyone else. Note I'm testing on version 24.3.0.


Steps: I set up a safe with my admin creds, assigned it to a user group, and then booted my admin account out. I then logged in as my regular user, poked about, and added a super secret note. I show the logs of poking around and adding items to Secrets Safe.


I then logged back in as my regular user and fetched credentials. This shows the secret ID, which is very useful for automation! Logging back in as my admin account, I show what that looks like in the logs as well, and what it looks like as an Admin accessing PasswordSafe. They don't, by default, see all safes, and it's clear which safes are user safes. As well, I show the screenshots of the reporting option.


Logs? Yes! Notifications? ... Try Reports!

There's no extra documentation around Secrets Safe logs, as it's all captured in User Event logging. For notifications when something is accessed, there isn't a notification email option like there is with managed accounts. This is typically for the developer use cases, where the noise would be rather untenable to sift through. That said, a report can be generated on Secrets Safe actions via Analytics -> Configuration -> User Audits.


Standard User with Manage Safe Permissions

My user is a standard user in PasswordSafe with the Read Only Secrets Safe feature assigned to the tasha test group. The only gotcha I see right now is that the reporting shows the group assigned, but doesn't show the group members with permissions.

Looking for the test user that is a group member:

Admin Account - Safes View

When logged in as the admin of PasswordSafe, I don't automatically see any safe that I would be a team member of:

However, Admins can always manage the safes by choosing to see all safes:


And as an Admin, I can manage the safe:

User Audits - First View

In Configuration -> User Audits, I can see my actions related to Secrets Safe as a few different components. Note, I didn't "read" a secret or copy a secret while I was my local user.

Standard User - Read a Secret

I logged in as my standard user and read my super secret note. The Secret ID is very helpful for automation.

User Audit Logs & Analytics And Reporting

Now looking at the User Audit Logs, we can see that the credential was fetched. As well, Analytics and Reporting can be set up to search only on the Secrets Safe components if desired.
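As an added example (not part of the original post and not BeyondTrust's own code), here is the automation read the post hints at: fetching a Secrets Safe text secret by its secret ID through the Password Safe public API, with sign-in and sign-out around it. The base URL, the `Auth/SignAppin` / `Auth/Signout` endpoints, the `PS-Auth key=...; runas=...;` header format and the `Secrets-Safe/Secrets/{secretId}/text` path are assumptions taken from the public API reference, so check them against your appliance version; the host, API key, user name and secret GUID are placeholders, and the `FakeOpener` is a constructed stand-in so the flow runs offline. Because the calls execute as the `runas` user, that is the account to look for in User Audits after a read like this.

```python
"""Read one Secrets Safe text secret by its secret ID through the Password Safe
public API. Added example for this thread; not BeyondTrust's code.

Assumptions (taken from the public Password Safe API reference; verify them
against your appliance version, the thread tested 24.3.0):
  - base URL https://<host>/BeyondTrust/api/public/v3/
  - POST Auth/SignAppin with Authorization: PS-Auth key=<key>; runas=<user>;
  - GET  Secrets-Safe/Secrets/{secretId}/text returns the secret text
  - POST Auth/Signout ends the session
The runas user must be allowed to use the API and belong to a group with
read rights on the safe (the "tasha test group" role in the thread).
"""
import io
import json
import urllib.request
from http.cookiejar import CookieJar


def auth_header(api_key: str, runas: str) -> str:
    # The key identifies the registered API application; runas is the
    # Password Safe user the calls execute as (the name User Audits shows).
    return f"PS-Auth key={api_key}; runas={runas};"


def secret_text_path(secret_id: str) -> str:
    # Text secrets are read from the /text sub-resource (assumed path).
    return f"Secrets-Safe/Secrets/{secret_id}/text"


class PasswordSafeClient:
    def __init__(self, base_url: str, api_key: str, runas: str, opener=None):
        self.base = base_url.rstrip("/")
        self.headers = {
            "Authorization": auth_header(api_key, runas),
            "Content-Type": "application/json",
        }
        # SignAppin returns a session cookie that later calls must send back,
        # so one cookie-aware opener is kept for the whole session.
        self.opener = opener or urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(CookieJar())
        )

    def _call(self, method: str, path: str) -> str:
        req = urllib.request.Request(
            f"{self.base}/{path}", method=method, headers=self.headers
        )
        with self.opener.open(req) as resp:
            return resp.read().decode("utf-8")

    def sign_in(self) -> dict:
        return json.loads(self._call("POST", "Auth/SignAppin"))

    def get_secret_text(self, secret_id: str) -> str:
        body = self._call("GET", secret_text_path(secret_id))
        try:
            # The API serialises the text as a JSON string; fall back to the
            # raw body if a version returns it unquoted.
            decoded = json.loads(body)
            return decoded if isinstance(decoded, str) else body
        except json.JSONDecodeError:
            return body

    def sign_out(self) -> None:
        self._call("POST", "Auth/Signout")


def read_secret(base_url, api_key, runas, secret_id, opener=None) -> str:
    """Sign in, read one secret by ID, and always sign out so the session is
    closed even when the read fails."""
    client = PasswordSafeClient(base_url, api_key, runas, opener)
    client.sign_in()
    try:
        return client.get_secret_text(secret_id)
    finally:
        client.sign_out()


class FakeOpener:
    """Constructed offline stand-in for urllib's opener: records each request
    and returns canned bodies so the flow runs without an appliance."""

    def __init__(self, secret_text: str):
        self.secret_text = secret_text
        self.calls = []

    def open(self, req):
        self.calls.append((req.get_method(), req.full_url,
                           req.get_header("Authorization")))
        if req.full_url.endswith("/Auth/SignAppin"):
            body = json.dumps({"UserName": "tasha"})  # constructed sample
        elif "/Secrets-Safe/Secrets/" in req.full_url:
            body = json.dumps(self.secret_text)
        else:
            body = ""
        return io.BytesIO(body.encode("utf-8"))


def demo():
    # Host, API key and secret GUID are placeholders (assumptions).
    opener = FakeOpener("super secret note")
    text = read_secret(
        "https://ps.example.com/BeyondTrust/api/public/v3",
        "example-api-key",
        "tasha",
        "11111111-2222-3333-4444-555555555555",
        opener,
    )
    # Return the text and the call sequence (method + path relative to /v3/).
    return text, [f"{m} {url.split('/v3/', 1)[1]}" for m, url, _ in opener.calls]


if __name__ == "__main__":
    print(demo())
```

Swap the `FakeOpener` for the default cookie-aware opener (omit the `opener` argument) to run it against a real appliance; the sign-out in the `finally` block matters because an abandoned session is both an open credential and an audit entry with no matching close.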

