Secret store

What is the Secret Store page?

The Secret Store page in the appliance web interface allows you to securely manage and store encryption keys required for encrypting session data and other sensitive information on the appliance.

How is it useful to my organization?

This page enhances security by providing a centralized, encrypted repository for managing keys, ensuring data protection and compliance with security standards.

How do I access the Secret Store page?

  1. Sign in to app.beyondtrust.io.
    The BeyondTrust Home page displays.
  2. From the main menu, click Remote Access > Appliance.
    The Appliance page opens in a new tab, and the Status page displays by default.
  3. At the top, click Security.
    The Security page opens and the Certificates tab displays by default.
  4. Click Secret Store.
    The Secret Store page displays.

The Secret Store page

Screenshot: The Secret Stores section of the BeyondTrust Secure Remote Access interface. A dropdown menu for selecting the secret store type (with 'AWS Secrets Manager' selected) sits next to an Add Store button. Below it, a table lists the configured secret stores with columns for Name, Count, and Actions, and an option allows secrets to be stored locally for recovery.
  1. Add Store: Adds a secret store.
  2. Secret Store list columns: The columns of the Secret Store list.
    • Name: Unique name of the secret store.
    • Count: The number of the secret stores.
    • Actions: Displays status of the secret store.

Add AWS Secret Store

Create and manage secret keys stored in AWS to securely store encryption keys and site data.

  1. To add a secret store, select the store from the dropdown, and then click Add Store.
  2. Provide the Access Key ID, Secret Access Key, and Region.
  3. Check the Rotate Access Key box only if you are not using any of the same IAM user's credentials in any other system.
  4. Click Save Store.
  5. Make sure any firewall allows outbound traffic to the IP addresses associated with the region endpoint used for the secret store.

Note

  • IP addresses may change. See the current list of IP addresses.
  • For the list of endpoints, see AWS Secrets Manager endpoints and quotas.
  • For added security, configure your AWS Identity and Access Management (IAM) Policy to limit access to resources matching BeyondTrust-* on the following permissions:
    • DescribeSecret
    • GetSecretValue
    • TagResource
    • UntagResource
    • CreateSecret
    • DeleteSecret
    • UpdateSecret
      For more information on managing AWS IAM Policies, see Managing IAM Policies.
  • If you delete the last remote store, a message displays indicating secrets will be moved locally.
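
The IAM restriction recommended in the note can be generated and checked with a short script. This is an added example, not BeyondTrust code: the region and account ID are constructed placeholders, and treating any other Secrets Manager action or any resource outside BeyondTrust-* as a finding is an assumption of this sketch.

```python
import json

# The seven Secrets Manager permissions listed in the note above.
LISTED_ACTIONS = {"secretsmanager:" + a for a in (
    "DescribeSecret", "GetSecretValue", "TagResource", "UntagResource",
    "CreateSecret", "DeleteSecret", "UpdateSecret")}
NAME_PREFIX = "BeyondTrust-"  # resource prefix named in the note


def as_list(value):
    """IAM lets Action and Resource be a single string or a list."""
    return [value] if isinstance(value, str) else list(value)


def build_policy(region, account_id):
    """Policy allowing only the listed actions on BeyondTrust-* secrets."""
    arn = f"arn:aws:secretsmanager:{region}:{account_id}:secret:{NAME_PREFIX}*"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": sorted(LISTED_ACTIONS), "Resource": arn}]}


def scoped(resource):
    """True if the ARN names a Secrets Manager secret starting BeyondTrust-."""
    p = resource.split(":", 6)
    return (len(p) == 7 and p[2] == "secretsmanager" and p[5] == "secret"
            and p[6].startswith(NAME_PREFIX))


def audit_policy(policy):
    """Return findings for Allow statements broader than the note recommends."""
    findings = []
    listed = {a.lower() for a in LISTED_ACTIONS}  # action names are case-insensitive
    stmts = policy["Statement"]
    for i, st in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        acts = [a for a in as_list(st.get("Action", []))
                if a == "*" or a.lower().startswith("secretsmanager:")]
        if st.get("Effect") != "Allow" or not acts:
            continue  # Deny statements and other services are out of scope here
        findings += [f"statement {i}: action {a} is not one of the listed permissions"
                     for a in acts if a.lower() not in listed]
        findings += [f"statement {i}: resource {r} is not limited to {NAME_PREFIX}*"
                     for r in as_list(st.get("Resource", [])) if not scoped(r)]
    return findings


if __name__ == "__main__":
    # Constructed sample values: replace with your own region and account ID.
    print(json.dumps(build_policy("us-east-1", "111122223333"), indent=2))
```

The audit does not interpret NotAction, NotResource, or Condition elements, so review statements that use them by hand.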
