Secret store

What is the Secret Store page?

The Secret Store page in the /appliance web interface allows you to securely manage and store encryption keys required for encrypting session data and other sensitive information on the B Series Appliance.

How is it useful to my organization?

This page enhances security by providing a centralized, encrypted repository for managing keys, ensuring data protection and compliance with security standards.

How do I access the Secret Store page?

  1. Use a Chromium-based browser to sign in to your B Series Appliance. The URL is provided in the BeyondTrust welcome email and includes your site URL followed by /appliance.
  2. From the top menu, click Security.
    The Certificates page opens and displays by default.
  3. At the top of the page, click Secret Store.
    The Secret Store page displays.

Configure the secret store

Create and manage secret keys stored in AWS to securely store encryption keys and site data. To add a secret store, select the store from the dropdown, and then click Add Store. Provide and save the information for the store as shown in the steps below.

Add AWS secret store

  1. Provide the Access Key ID, Secret Access Key, and Region.
  2. Check the Rotate Access Key box only if you are not using any of the same IAM user's credentials in any other system.
  3. Click Save Store.
  4. Ensure that any firewall allows outbound traffic to the IP addresses associated with the region endpoint used for the secret store.

Note: IP addresses may change. See the current list of IP addresses.

Note: For the list of endpoints, see AWS Secrets Manager endpoints and quotas.

Note: For added security, configure your AWS Identity and Access Management (IAM) policy to limit the following permissions to resources matching BeyondTrust-*:

  • DescribeSecret
  • GetSecretValue
  • TagResource
  • UntagResource
  • CreateSecret
  • DeleteSecret
  • UpdateSecret

For more information on managing AWS IAM Policies, see Managing IAM Policies.
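
The following is an added example, not part of BeyondTrust's documentation: it builds an IAM policy document that grants only the seven permissions listed above on secrets named BeyondTrust-*, and audits an existing policy for anything broader. It assumes a policy dedicated to the IAM user configured on the appliance; the function names are illustrative, and the region and account ID are constructed placeholders.

```python
# Added example: build and audit an IAM policy scoped to BeyondTrust-* secrets.
ACTIONS = ("DescribeSecret", "GetSecretValue", "TagResource", "UntagResource",
           "CreateSecret", "DeleteSecret", "UpdateSecret")  # from the note above
ALLOWED = {f"secretsmanager:{a}".lower() for a in ACTIONS}  # IAM actions ignore case
PREFIX = "BeyondTrust-"


def build_policy(region, account_id):
    """Return a policy document allowing only the listed actions on BeyondTrust-*."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [f"secretsmanager:{a}" for a in ACTIONS],
            "Resource": f"arn:aws:secretsmanager:{region}:{account_id}:secret:{PREFIX}*",
        }],
    }


def _listify(value):
    # IAM accepts a single string/object or a list for these fields.
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(policy):
    """Return findings for Allow statements broader than the scope in the note."""
    findings = []
    for n, stmt in enumerate(_listify(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {n}: NotAction/NotResource cannot be scoped")
        for action in _listify(stmt.get("Action", [])):
            if action.lower() not in ALLOWED:
                findings.append(f"statement {n}: action {action} is outside the list")
        for arn in _listify(stmt.get("Resource", [])):
            parts = arn.split(":", 6)  # arn:partition:service:region:account:secret:name
            scoped = (len(parts) == 7 and parts[2] == "secretsmanager"
                      and parts[5] == "secret" and parts[6].startswith(PREFIX))
            if not scoped:
                findings.append(f"statement {n}: resource {arn} is not limited to {PREFIX}*")
    return findings


if __name__ == "__main__":
    import json
    # Constructed sample values: region and account ID are placeholders.
    print(json.dumps(build_policy("us-east-1", "123456789012"), indent=2))
    broad = {"Version": "2012-10-17", "Statement": {
        "Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}}
    print(audit_policy(broad))
```
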

Note: If you delete the last remote store, a message displays indicating secrets will be moved locally.


©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.