Delinea Secret Server Integration
GGScout supports integration with Delinea Secret Server to collect and monitor your secrets. This guide will help you set up and configure the integration.
Supported Features
- Multiple secret versions collection
- OAuth authentication
- Tenant-specific configuration
- Cross-environment support
Configuration
To configure GGScout to work with Delinea Secret Server, add the following configuration to your ggscout.toml file:
[sources.delinea]
type = "delineasecretserver"
auth_mode = "oauth"
client_id = "${DELINEA_CLIENT_ID}"
client_secret = "${DELINEA_CLIENT_SECRET}"
fetch_all_versions = true
tenant = "${DELINEA_TENANT}"
tld = "com"
Configuration Parameters
| Parameter | Description | Required |
|---|---|---|
type | Must be set to "delineasecretserver" | Yes |
auth_mode | Authentication mode (e.g., "oauth") | Yes |
client_id | The client ID for OAuth authentication | Yes |
client_secret | The client secret for OAuth authentication | Yes |
tenant | Your Delinea tenant ID | Yes |
tld | Top-level domain (e.g., "com") | Yes |
fetch_all_versions | Whether to collect all versions of secrets | No |
Authentication
GGScout supports authentication with Delinea Secret Server through:
- OAuth: Using client ID and secret
- Environment Variables: Using standard Delinea environment variables
Environment Variables
DELINEA_CLIENT_ID: Your Delinea client IDDELINEA_CLIENT_SECRET: Your Delinea client secretDELINEA_TENANT: Your Delinea tenant ID
Best Practices
- Use environment variables for sensitive credentials
- Follow the principle of least privilege for access policies
- Enable
fetch_all_versionsto track changes in your secrets over time - Regularly rotate client secrets
- Use separate tenants for different environments
- Implement proper secret rotation policies
- Monitor access logs for suspicious activity
- Use strong password policies for secrets
