
strongDM works with your secrets manager


We’re pleased to announce public beta support for the use of third-party secrets managers with StrongDM to store your credentials. And the best part? There are zero changes to your workflow.

Integrate and automate

We’ve designed StrongDM to work with any environment, no matter how diverse. And of course, we want to automate it all. 

One of the important aspects of your infrastructure is secret management, so we’ve applied our philosophy to this key (pun intended :)) area of your network security. The goal is to provide more control for those of you who prefer to store your own credentials. To do that, StrongDM needs to support your existing secret store workflow and credential rotation without disrupting your developer workflow.

Works the way your organization does

Our integration with secrets management tools enables organizations to easily manage and automate the storage and rotation of credentials using these providers (with more to come in the future):

  • HashiCorp Vault is an API-driven secret manager that integrates with many cloud architectures and platforms. 
  • AWS Secrets Manager is a highly utilized tool for protecting IT resources and apps from unauthorized access.
  • GCP Secret Manager stores API keys, passwords, certificates, and sensitive data pertaining to Google Cloud.

Some organizational security policies forbid the storage of credentials outside of a designated secret store provider. In other cases, there are specific features of a secret store that are key to your workflow, or you are just used to using your specific tool. With the integration of your secrets manager with StrongDM, you can meet all of these needs. When using your secrets manager with StrongDM, your gateway servers request credentials directly from your secret store and use them for authentication--that means those credentials are never recorded on our servers.

Gain control and custody

With these integrations comes the ability for StrongDM customers to:

  • Decide where your credentials are stored, with us or your existing secrets manager. 
  • Plug a third-party secrets manager right into your StrongDM deployment without any workflow change.
  • Create a separation of duties between access and authorization such that no credentials ever touch StrongDM hosted infrastructure.

[Figure: Secret Stores UI in StrongDM]

How it works

Whenever a user connects to a resource, the gateway/relay authenticates to your secrets manager provider and fetches credentials for the resource from the secret store. Those credentials never leave your gateway/relay and are never recorded by StrongDM.
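The connect-time flow described above can be modeled in a few lines. This is an added example, not StrongDM code: `SecretStore`, `ResourceDef`, `Gateway`, the path `prod/db/orders` and all values are constructed for illustration, and the audit record format is an assumption. It shows that the resource definition holds only references, that a rotation is picked up on the next connection, and that an identity other than the gateway cannot read the secret.

```python
from dataclasses import dataclass

class SecretStore:
    """In-memory stand-in for a secrets manager (constructed, not a real API)."""
    def __init__(self, trusted_identity):
        self._trusted = trusted_identity
        self._secrets = {}

    def put(self, path, values):
        self._secrets[path] = dict(values)   # a rotation is just another put()

    def read(self, identity, path):
        if identity != self._trusted:
            raise PermissionError(f"{identity} may not read {path}")
        return dict(self._secrets[path])

@dataclass(frozen=True)
class ResourceDef:
    """What the control plane keeps for a resource: references, no secret values."""
    name: str
    username_ref: tuple   # (path, key) inside the secret store
    password_ref: tuple

class Gateway:
    def __init__(self, identity, store):
        self.identity = identity
        self.store = store
        self.audit_log = []   # assumption: only this metadata leaves the gateway

    def connect(self, user, resource):
        """Resolve both references at connect time; nothing is cached."""
        creds = {}
        for field_name in ("username_ref", "password_ref"):
            path, key = getattr(resource, field_name)
            creds[field_name[:-4]] = self.store.read(self.identity, path)[key]
            self.audit_log.append({"user": user, "resource": resource.name,
                                   "secret_path": path, "key": key})
        return creds   # held in gateway memory for the upstream login only

def demo():
    store = SecretStore(trusted_identity="gateway-1")
    store.put("prod/db/orders", {"user": "svc_orders", "pass": "constructed-old"})
    res = ResourceDef("orders-db", ("prod/db/orders", "user"), ("prod/db/orders", "pass"))
    gw = Gateway("gateway-1", store)
    first = gw.connect("alice", res)
    store.put("prod/db/orders", {"user": "svc_orders", "pass": "constructed-new"})  # rotation
    second = gw.connect("alice", res)
    return first, second, gw.audit_log, res
```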

To integrate with a secret store provider, you will need to follow these three basic steps:

  1. Configure your existing secret store for use with StrongDM (and populate it with the credentials for your resources).
  2. Set up your gateway/relay servers to be able to authenticate with the secret store.
  3. Set up the secret store integration in StrongDM.

Then, each time you set up a new resource, you can point to the specific paths within the secret store where the credentials can be accessed instead of saving those credentials in StrongDM. For further detail about the setup process for these integrations, please choose from the following configuration guides:

Getting Started

If you’re already a StrongDM customer, check out the links below to get started. If not, you can set up a demo and get the ball rolling.


About the Author

, Lead Technical Writer, has led projects and teams working on documentation in access and security for more than six years. Learning these technologies and helping other people do the same is his passion. Jeff contributes occasionally to various technical blogs and publications and sometimes writes on non-software topics such as productivity, project management, and tech news. To contact Jeff, visit him on LinkedIn.

