Secret Server (Preview)
The Secret Server Connector allows users to leverage the power of Delinea Secret Server. This connector allows the user to retrieve a secret from Secret Server via ID.
This connector is available in the following products and regions:
| Service | Class | Regions |
|---|---|---|
| Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
| Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
| Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
| Contact | |
|---|---|
| Name | Delinea support |
| URL | https://delinea.com/support |
| support@delinea.com |
| Connector Metadata | |
|---|---|
| Publisher | Delinea, Inc. |
| Website | https://www.delinea.com |
| Privacy Policy | https://delinea.com/privacy-policy |
| Categories | Security |
Delinea Secret Server is a privileged access management solution that is quickly deployable and easily managed. With the use of this connector, you can discover and get your privileged accounts details in Microsoft Power Automate.
Prerequisites
You will need the following to proceed: • A Delinea Secret Server installed • Secret Server application account • An Azure subscription. • The Power platform CLI tools. • Python should be installed
How to get credentials
In order to use this connector you will need Delinea Secret Server admin access rights to create application account. This can be done by login to application click on Admin > User Management section. Refer
Get started with your connector
Since the connector uses OAuth as authentication type, we first need to install custom connector. This connector will be used to get the authorization token required to invoke rest APIs used by the connector on user's behalf. After this setup, you can create and test the connector.
Follow the steps below:
Login to Microsoft Power Automate using portal(https://powerautomate.microsoft.com/en-us/),
Create Secret in Secret Server and share secret for App Account. refer
Install paconn by running
pip install paconn
If you get errors saying 'Access is denied', consider using the --user option or running the command as an Administrator (Windows).
- Configure connector
a. Open “Custom connector”. b. Enter base URL without schema (ex. http:// or https ://) c. And click on “Create”.
Known issues and limitations
The connector is currently working up to Secret Server version 11.2.00000
Common errors and remedies
• “The API receives an invalid response “.
: Check the credentials of application account created in Secret Server.
• “Action 'Get_secret' failed”
Verify the secret id entered.
• “API_AccessDenied”
Check the secret is having the permission of application account in Secret Server.
FAQ
Q. Do I need a paid version of Delinea Secret Server to utilize the connector? A: No, you can test it during the trial period too.
Creating a connection
The connector supports the following authentication types:
| Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
| Name | Type | Description | Required |
|---|---|---|---|
| Base URL to Secret Server | string | Enter base URL for Secret Server | True |
Throttling Limits
| Name | Calls | Renewal Period |
|---|---|---|
| API calls per connection | 100 | 60 seconds |
Actions
| Get secret |
Get a single secret by ID |
| Get secret template |
Get a single secret template by ID |
| Retrieve or Refresh Access Token |
Retrieve an access token for use with other API requests or refresh an access token. |
Get secret
Get a single secret by ID
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Secret ID
|
id | True | integer |
Secret ID for get secret object |
|
Authorization
|
Access-Token | True | string |
Bearer |
Returns
Secret
- Body
- SecretModel
Get secret template
Get a single secret template by ID
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Template ID
|
id | True | integer |
Get template secret by Id |
|
Authorization
|
Access-Token | True | string |
Bearer |
Returns
Template to define the secret.
- Body
- SecretTemplateModel
Retrieve or Refresh Access Token
Retrieve an access token for use with other API requests or refresh an access token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Authentication grant type.
|
grant_type | True | string |
Authentication grant type. Use 'password' when authenticating, and 'refresh_token' when refreshing a token. |
|
Username for access to Secret Server
|
username | True | string |
Secret Server authentication username. Required when authenticating. |
|
Password for access to Secret Server
|
password | True | string |
Secret Server authentication password. Required when authenticating |
Returns
API access token response
- Body
- TokenResponse
Definitions
TokenResponse
API access token response
| Name | Path | Type | Description |
|---|---|---|---|
|
access_token
|
access_token | string |
Authentication token |
|
token_type
|
token_type | string |
Authentication token type |
|
expires_in
|
expires_in | integer |
Authentication token expiration time, in seconds |
|
refresh_token
|
refresh_token | string |
Refresh token. This is only provided when the server is set to allow refresh tokens for web services and when the session timeout duration is not set to Unlimited. |
SecretModel
Secret
| Name | Path | Type | Description |
|---|---|---|---|
|
accessRequestWorkflowMapId
|
accessRequestWorkflowMapId | integer |
Id of the assigned access request workflow. |
|
active
|
active | boolean |
Whether the secret is active |
|
allowOwnersUnrestrictedSshCommands
|
allowOwnersUnrestrictedSshCommands | boolean |
Whether Secret Owners are subject to SSH Command Restrictions, if enabled. |
|
autoChangeEnabled
|
autoChangeEnabled | boolean |
Whether Automatic Remote Password Changing is enabled. |
|
autoChangeNextPassword
|
autoChangeNextPassword | string |
Next Password to be used for Remote Password Changing. |
|
checkedOut
|
checkedOut | boolean |
Whether the secret is currently checked out |
|
checkOutChangePasswordEnabled
|
checkOutChangePasswordEnabled | boolean |
Whether to initiate a password change when the secret is checked in. |
|
checkOutEnabled
|
checkOutEnabled | boolean |
Whether secret checkout is enabled |
|
checkOutIntervalMinutes
|
checkOutIntervalMinutes | integer |
Checkout interval, in minutes |
|
checkOutMinutesRemaining
|
checkOutMinutesRemaining | integer |
Minutes remaining in current checkout interval |
|
checkOutUserDisplayName
|
checkOutUserDisplayName | string |
Name of user who has checked out the secret |
|
checkOutUserId
|
checkOutUserId | integer |
ID of user who has checked out the secret |
|
doubleLockId
|
doubleLockId | integer |
Id of the DoubleLock configuration for this secret. |
|
enableInheritPermissions
|
enableInheritPermissions | boolean |
Whether to inherit permissions from the parent folder (true), or use explicit permissions. |
|
enableInheritSecretPolicy
|
enableInheritSecretPolicy | boolean |
Whether the secret policy is inherited from the containing folder |
|
failedPasswordChangeAttempts
|
failedPasswordChangeAttempts | integer |
Number of failed password change attempts |
|
folderId
|
folderId | integer |
Containing folder ID |
|
id
|
id | integer |
Secret ID |
|
isDoubleLock
|
isDoubleLock | boolean |
Whether double lock is enabled |
|
isOutOfSync
|
isOutOfSync | boolean |
Out of sync indicates that a Password is setup for autochange and has failed its last password change attempt or has exceeded the maximum RPC attempts |
|
isRestricted
|
isRestricted | boolean |
Whether the secret is restricted |
|
items
|
items | array of RestSecretItem |
Secret data fields |
|
lastHeartBeatCheck
|
lastHeartBeatCheck | date-time |
Time of last heartbeat check |
|
lastHeartBeatStatus
|
lastHeartBeatStatus | HeartbeatStatus |
Current status of heartbeat |
|
lastPasswordChangeAttempt
|
lastPasswordChangeAttempt | date-time |
Time of most recent password change attempt |
|
launcherConnectAsSecretId
|
launcherConnectAsSecretId | integer |
Id of the secret used for the Connect As Commands feature. |
|
name
|
name | string |
Secret name |
|
outOfSyncReason
|
outOfSyncReason | string |
Reason message if the secret is out of sync |
|
passwordTypeWebScriptId
|
passwordTypeWebScriptId | integer |
Id of the Web Password Changer script to use for Web Password Changing. |
|
proxyEnabled
|
proxyEnabled | boolean |
Whether to use the Proxy service for launchers on this secret, if available. |
|
requiresApprovalForAccess
|
requiresApprovalForAccess | boolean |
Whether a workflow approval process is required to access this secret. |
|
requiresComment
|
requiresComment | boolean |
Whether a comment is required to access this secret. |
|
responseCodes
|
responseCodes | array of string |
Reasons that the user may not be able to retrieve the secret. |
|
restrictSshCommands
|
restrictSshCommands | boolean |
Whether proxied launchers are subject to SSH Command Restrictions. |
|
secretPolicyId
|
secretPolicyId | integer |
Id of the Secret Policy applied to this Secret. |
|
secretTemplateId
|
secretTemplateId | integer |
Id of the template defining this Secret. |
|
secretTemplateName
|
secretTemplateName | string |
Name of secret template |
|
sessionRecordingEnabled
|
sessionRecordingEnabled | boolean |
Whether session recording is enabled |
|
siteId
|
siteId | integer |
Id of the Site to which this Secret belongs. |
|
webLauncherRequiresIncognitoMode
|
webLauncherRequiresIncognitoMode | boolean |
Whether web launchers will open an incognito browser session when launching this secret. |
RestSecretItem
Secret data field item
| Name | Path | Type | Description |
|---|---|---|---|
|
fieldDescription
|
fieldDescription | string |
Longer description of the secret field. |
|
fieldId
|
fieldId | integer |
The id of the field definition from the secret template. |
|
fieldName
|
fieldName | string |
The display name of the secret field. |
|
fileAttachmentId
|
fileAttachmentId | integer |
If the field is a file attachment field, the id of the file attachment. |
|
filename
|
filename | string |
If the field is a file attachment field, the name of the attached file. |
|
isFile
|
isFile | boolean |
Whether the field is a file attachment. |
|
isList
|
isList | boolean |
Whether or not the secret field is a list. |
|
isNotes
|
isNotes | boolean |
Whether the field is represented as a multi-line text box. Used for long-form text fields. |
|
isPassword
|
isPassword | boolean |
Whether the field is a password. Password fields are hidden by default in the UI and their value is not returned in GET calls that return secrets. To retrieve a password field value, make a GET call to /api/secrets/{secretId}/fields/{slug}. |
|
itemId
|
itemId | integer |
The id of the secret field item. Leave empty when creating a new secret. |
|
itemValue
|
itemValue | string |
The value of the secret field item. For list fields, this is a comma-delimited list of the list id guids that are assigned to this field. |
|
listType
|
listType | SecretFieldListType |
The type of list. Valid values are “None”, “Generic”, and “URL”. |
|
slug
|
slug | string |
A unique name for the secret field on the template. Slugs cannot contain spaces and are used in many places to easily refer to a secret field without having to know the field id. |
HeartbeatStatus
SecretFieldListType
The type of list. Valid values are “None”, “Generic”, and “URL”.
The type of list. Valid values are “None”, “Generic”, and “URL”.
SecretTemplateModel
Template to define the secret.
| Name | Path | Type | Description |
|---|---|---|---|
|
fields
|
fields | array of ISecretTemplateField |
Secret template fields |
|
id
|
id | integer |
Secret template ID |
|
name
|
name | string |
Secret template name |
|
passwordTypeId
|
passwordTypeId | integer |
Id of the Remote Password Changing configuration used by this Template. |
ISecretTemplateField
Secret template fields
| Name | Path | Type | Description |
|---|---|---|---|
|
description
|
description | string |
Description |
|
displayName
|
displayName | string |
Display Name of this field. |
|
editablePermission
|
editablePermission | integer |
Type of permission level required to edit this field. |
|
editRequires
|
editRequires | EditRequiresOptions |
Reasons that the user may not be able to retrieve the secret. |
|
fieldSlugName
|
fieldSlugName | string |
Web-compatible name for this Secret Field. This name will be used for API calls. |
|
generatePasswordCharacterSet
|
generatePasswordCharacterSet | string |
Id of character set to use when generating a value for this field. |
|
generatePasswordLength
|
generatePasswordLength | integer |
Length of value to generate for this field. |
|
hideOnView
|
hideOnView | boolean |
Whether to display this field in a view context. |
|
historyLength
|
historyLength | integer |
Length of the history stored for this field. |
|
isExpirationField
|
isExpirationField | boolean |
Whether Secret Expiration is based on this field. |
|
isFile
|
isFile | boolean |
Whether this field represents a File Attachment. |
|
isIndexable
|
isIndexable | boolean |
Whether this field will be indexed for search. |
|
isList
|
isList | boolean |
Whether this field is a List field. |
|
isNotes
|
isNotes | boolean |
Whether this field is a Notes field. |
|
isPassword
|
isPassword | boolean |
Whether this field is a Password field. |
|
isRequired
|
isRequired | boolean |
Whether population of this field is required for the secret to be valid. |
|
isUrl
|
isUrl | boolean |
Whether this is a field is a URL field. |
|
listType
|
listType | ListType |
Type of List to map to this field. |
|
mustEncrypt
|
mustEncrypt | boolean |
Whether this field is encrypted within the Database. |
|
name
|
name | string |
Name |
|
passwordRequirementId
|
passwordRequirementId | integer |
Id of the Password Requirement associated with this field. |
|
passwordTypeFieldId
|
passwordTypeFieldId | integer |
Id of the Password Type for Web Password Automatic Password Changing. |
|
secretTemplateFieldId
|
secretTemplateFieldId | integer |
Id of the Field definition on which this Field is based. |
|
sortOrder
|
sortOrder | integer |
Order in which this field is displayed when viewing the Secret. |
EditRequiresOptions
Reasons that the user may not be able to retrieve the secret.
Reasons that the user may not be able to retrieve the secret.