
Database for Secrets Explained


Digital threats have become part of the routine reality of many modern companies. This often happens because automation and a distributed workforce make it harder to protect information from malicious or accidental leakage. One way to approach the problem is to educate users and implement good policies around authentication and authorization, but there are also network resources shared among many people and/or accessed only by machines. Passwords and keys to these resources do not belong to any individual user. As a result, it is hard to manage them, replace them in time and enforce company security requirements. The right approach to managing these special or privileged accounts is to use a database for secrets.

Introducing Database for Secrets

A database for secrets is a central storage of any sort of privileged information. Examples of such secret data could be a credit card number or a code signing certificate, a password or a key to a computer account. Central storage means that many users can access the data in the storage at the same time. It also means that users can share records with special data among each other. The database for secrets has to support an elaborate permission structure that can designate some parts of the data as secret. Record owners should have the ability to grant permissions to see or edit secret parts of the record to certain users.


Windows Record from an example of a Database for Secrets

In a way, a database for secrets resembles an advanced Enterprise Content Management System with records, folders, field level permissions, and custom record types rather than a privileged account management system. However, certain options position a database for secrets in the area of network security.

Database for Secrets as a Network Security Tool

In addition to storage and sharing, a database for secrets can automatically reset passwords for the credentials it manages. Since the system knows the current password for the account, it can log in to the remote computer and change this password on a schedule. The system can then remember the new password. By doing so, the system might generate long, complex and unique passwords that are harder to guess. To access these passwords, a database for secrets provides permission-controlled access for users via a GUI as well as an API for scripts. This means that automated processes that use passwords or certificates to access network resources can retrieve these keys from the database when needed instead of relying on hardcoded credentials.
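A minimal in-memory model of the ideas described so far (secret fields unlocked per user, scheduled reset, retrieval by a script at run time, and a log of every attempt), added here as an illustration; it is not Xton Access Manager code or its API. The class and method names, the "view" and "unlock" rights, the sample record and the `apply_remote` hook are all assumptions.

```python
import secrets
import string
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits + "!@#%^*-_"

class SecretsStore:
    def __init__(self):
        self.records = {}  # record id -> {"fields", "secret", "rotated"}
        self.grants = {}   # (record id, user) -> {"view", "unlock"}
        self.audit = []    # (time, user, record id, field, outcome)

    def add(self, rid, fields, secret, now):
        self.records[rid] = {"fields": dict(fields), "secret": set(secret), "rotated": now}

    def grant(self, rid, user, *rights):
        self.grants.setdefault((rid, user), set()).update(rights)

    def read(self, rid, user, field, now):
        """Return one field; secret fields need 'unlock'. Every attempt is logged."""
        rec = self.records[rid]
        needed = "unlock" if field in rec["secret"] else "view"
        allowed = needed in self.grants.get((rid, user), set())
        self.audit.append((now, user, rid, field, "ok" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{user} may not read {field} of {rid}")
        return rec["fields"][field]

    def rotate_due(self, max_age, now, apply_remote):
        """Reset passwords older than max_age; keep the old one if the remote change fails."""
        done = []
        for rid, rec in self.records.items():
            if "password" in rec["secret"] and now - rec["rotated"] >= max_age:
                new = "".join(secrets.choice(ALPHABET) for _ in range(32))
                if apply_remote(rec["fields"], new):  # hypothetical remote-change hook
                    rec["fields"]["password"], rec["rotated"] = new, now
                    self.audit.append((now, "system", rid, "password", "rotated"))
                    done.append(rid)
        return done

# Constructed sample data: one service account shared by a person and a script.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
store = SecretsStore()
store.add("srv01", {"host": "srv01.example.test", "user": "svc_backup",
                    "password": "Factory-Default-1"}, {"password"}, T0)
store.grant("srv01", "alice", "view")                 # sees the record, not the password
store.grant("srv01", "backup-job", "view", "unlock")  # script fetches it at run time
# The stub hook always succeeds; a real one would change the password on the host.
ROTATED = store.rotate_due(timedelta(days=30), T0 + timedelta(days=31), lambda f, new: True)
```

The stored password is replaced only after the remote change reports success, so a failed reset never leaves the database holding a password the host does not accept.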

Second, a database for secrets can scan the network for attached devices and detect factory default, corporate setup or preset passwords. After that, administrators can convert the detected accounts into system-managed records to apply password reset policies and access permissions. This ensures overall password quality in the network as well as simple access to these passwords when needed.

Also, in combination with an RDP/SSH gateway, a database for secrets can provide access to certain computers and devices without even disclosing passwords or keys to the end user. This opens a wide range of possibilities to engage employees and contractors while keeping network access safe. Sessions to the remote computers can be monitored, recorded, and logged to the database for future analysis.


A Database for Secrets provides access to remote computers without disclosing the password

Finally, a database for secrets monitors and logs all user activities and keeps record history for audit purposes. It encrypts sensitive data using modern ciphers and ensures that communication channels are also secure.

About Xton Access Manager Tool

Xton Access Manager is an innovative Privileged Identity Management System implementation. It includes both a Database for Secrets and a Session Manager that acts as an RDP, SSH, VNC to HTML5 gateway. Its server can be hosted on either Windows or Linux, and it can use any commercial database (e.g. MS SQL, Oracle, MySQL, PostgreSQL, etc.) as the backend. The screens of all Windows and Unix/Linux computers can be accessed via any modern desktop, mobile or tablet browser. Download a preview of Xton Access Manager and schedule a demo here:


    Mark Klinchin

    I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.



    Copyright © 2020 Xton Technologies, LLC. All rights reserved.