Integrating with Thycotic Secret Server

Thycotic Secret Server is application software that helps you to store and manage credentials securely, according to policies that your organization might require.

You can configure the integration with Thycotic Secret Server using the vault providers page in the BMC Discovery Outpost.

For information on integrating BMC Helix Discovery with Thycotic Secret Server, see the following video (04:57):

 https://youtu.be/bpdEFy4sdAM

Before you begin

To integrate with Thycotic Secret Server

1. From the main menu in the BMC Discovery Outpost, click Manage > Vault Providers.
   The Manage Vault page opens. 

2. Select the Thycotic Secret Server tab.
   

3. Enter the settings appropriate to your Thycotic Secret Server on the page.

   Field Name	Description
   Status	A read-only display showing the status of the integration with Thycotic Secret Server. This can be one of: WORKING, DISABLED, or messages such as TEST OK, TEST ERROR, or ERROR and an explanatory message.
   Enabled	Select the check box to enable the integration with Thycotic Secret Server.
   URL	The URL of Thycotic Secret Server. Only HTTPS URLs are permitted. This field is mandatory. You should ask your Thycotic Secret Server administrator for the URL, user name, and password to access Thycotic Secret Server.
   User Name	A user name for Thycotic Secret Server. This field is mandatory.
   Set Password	Field in which you can enter the password. To make the field editable, select the check box and set the password. The password is not displayed.
   Checkout Duration (in minutes)	The time (in minutes) for which the password is guaranteed to remain valid. The default is 15 minutes and the minimum is one minute.
   Timeout (in seconds)	The timeout (in seconds) for requests to the provider. The default is 300 seconds.
   SSL Certificate Check	Select the check box to enable an SSL certificate check against the server. The result is reported in the Status message.

4. Click Test to test the connection. The configuration is not saved until you click the Apply button.
5. Click Apply to save and apply the configuration.

How credentials are stored in Thycotic Secret Server

For information on configuring credentials in Thycotic Secret Server, see the  product documentation .  

Credentials are referred to as Secrets in Thycotic Secret Server, and are all named. You access the credentials from the BMC Helix Discovery credentials UI using a series of filters to uniquely identify the element of the credential to use. For example, for a server called "server74", the following details are configured in Thycotic Secret Server:

• Secret Name — server74 
  • Unix Account (SSH)
  • Username — discovery. A UNIX account called discovery and its corresponding password
• Secret Name — server74 

  • Unix Root Account (SSH)

  • Username — root. A UNIX root account and its corresponding password

There are two secrets concerning this server, they are both called "server74". The first filter to add is to locate the required secret; that is, "Secret Name" is "server74". However, this does not uniquely identify the credential, an additional filter is required. We can use the Username field for this, so for the discovery user we can add "Username" is "discovery", which uniquely identifies that credential. We can do the same for the root credential.

To use a credential from Thycotic Secret Server in BMC Helix Discovery

In this example, in Thycotic Secret Server, the credential name is stored under the heading "Secret Name", so in the BMC Helix Discovery you add a filter with the name "Secret Name" and the name of the secret you want to use. You use additional filters for components of a credential, such as user name and password, or ssh key and passphrase. Additional filters are populated for each credential type automatically, using the Thycotic templates (Secret Templates) that you use to create credentials in Thycotic Secret Server.

The following screenshot shows adding the credential for server74: