InfoSecurity-Europe-Logo
Sectona at Infosecurity Europe 2025 | June 3–5 | ExCeL London
LIVE

Stop by our stand (C95) for a live demo of our Modern Infrastructure Access Platform.

Learn More
Learn More
Sectona-Logo
Request Demo
Sectona-Logo
  • Products
      PAM_0.webp

      Privileged Access Management

      Manage Passwords, Secrets & Monitor Sessions
      Group-1-2.webp

      Endpoint Privilege Management

      Secure Administrator Account Usage on Endpoints

      Sectona Security Platform

      Monitor Every Privileged Session

      Explore Platform
  • Solutions
  • Resources

      GET STARTED

      PAM 101
      Solutions Briefs
      Whitepapers
      Customer Stories

      LEARN

      Blog
      Guides and Toolkits
      Product Update

      INTRODUCING

      Sectona University

      Find latest courses, training materials, tips & tricks in security domain

      Start Learning Today
  • Services

      TRAINING & SERVICE

      Professional Services
      Training & Certification

      Get Support

      Create a Case
      Customer Success
      Download Resources
      Email Us

      News

      Customers' Choice 2024

      Gartner® Peer Insights™ 'Voice of the Customer'

      Read More
  • Company

      COMPANY

      About Us
      Customers
      Events
      News

      PARTNERS

      Find a Partner
      Become a Partner
      Register a Deal

      Career

      Grow Your Vision and Passion with Us
      Join the Team
      arrow.webp

      Contact Us

      We are here to help

      Get in Touch

      arrow-right.webp

      Customer Support

      We've got you covered

      Contact Support

      arrow-right.webp
Request Demo
Join Us at Infosecurity Europe 2025 | 3-5 June | ExCel London | Stand C95
Meet us at Gartner® Security & Risk Management Summit  | 10-11 March 2025 | Grand Hyatt, Mumbai | Booth 319
Learn More

Password Vaulting

Storing privileged account credentials in an encrypted and a secure service

Explore Platform

What is a Password Vault?

A Password Vault is a system that facilitates storing passwords in an encrypted form in a secure digital location. The stored and encrypted passwords are automatically fetched at the time of access and passed on to the user transparently or in clear text as desired, establishing communication to his/her entitlements.
 

Why do we Need a Password Vault?

With technological advancement, organizations around the world are adapting to the current situation by increasing their IT infrastructure. Accordingly, the number of resources entitled to a person increases and the need to secure the password for access increases to prevent illegitimate access.

Passwords are limited by a manual password management problem that results in challenges like memory capacity and password security. Memory capacity limits a user’s ability to remember long and complicated passwords and write them down on a sticky note. This also hinders the security of a password by being tempted to use repeat passwords or easy to remember passwords across multiple accounts, exposing the passwords to theft and illegitimate user access.

Passwords should be protected and guarded throughout their entire lifecycle, from creation to end, through a set of defined practices for which there are strict password management rules. It ensures that passwords are stored and encrypted in a secure location known as a password vault and are passed onto the user only if he/she presents proper identification, granting the user access to devices and applications to which he/she is entitled to. The passwords in the vault also undergo rotation on a pre-defined frequency, and when a user requests access, he/she receives credentials from the vault in a controlled fashion.

Sectona Password Vault?

Sectona Privileged Access Management solution provides a password vault that helps store access credentials of critical privileged accounts ensuring target IT assets are governed and protected at all times.

Sectona’s password vault is powered by commercial grade Oracle MySQL database that remains unexposed and tamper proof. The communication of the vault is with the Sectona PAM application through a secure protocol. It also caters to built-in High Availability (HA) architecture and thereby ensures higher security. Configuring Sectona PAM Vault to store credentials in AES 256 or RSA 2048 encrypted format, random and unique salt of defined encryption is used for every new privileged account credential entry. A unique and customizable encryption key can be defined that can be used to access the vault. The vault comes for two distinct categories – Primary Vault & Satellite Vault:

Password-Vaulting-Internal-01
  • Primary PAM Vault is the principal vault communicating with the PAM application responsible for storing credentials and critical data. While this is a centralized vault, the vault could be replicated for multiple instances – namely Primary, HA, DR, and Remote Site. While primary is the principal vault, HA is a near-backup vault, DR is a far-backup vault and remote site is an additional instance of a far backup vault which may or may not be common.
  1. Primary Instance: This is the primary mode of storing facility, which caters to a user’s immediate and principal access point and keeps him/her connected with his resources.
  2. High Availability Instance: Also known as the Fallback Instance, the High Availability Instance acts as a backup when the primary Vault goes down and takes over the Primary Instance mantle and ensures the user can get the required access. The initial primary Instance becomes the HA instance after it is back up online. The HA instance is a replica of the primary instance, always synchronized, enabling the HA to take over the responsibility when the primary instance is not available.
  3. Disaster Recovery Instance: When both the Primary and High Availability Instances are not available due to a failure or shutdown, the DR Instance provides the users with the required credentials to their resources, ensuring business continuity. Configuration to alternate the access node directing it to DR instance in case of a failure in primary and HA can be set in the solution.
  4. Remote Instance: A Remote Site Instance is a partial configuration on a remote DC location as part of the Primary PAM vault, which helps provide access in the temporary unavailability of primary vault. It is a replica of the primary Instance present in a different location, configured for privileged users in an organization requiring simultaneous access to target assets from two different locations.
  5. Sectona Remote site instance works as a partial primary PAM instance, which works as a primary instance to provide sessions in the event of a temporary unavailability of actual primary instance. And once a connection is established, they revert to their original roles. The remote site instance passes along the access log entries to the actual primary instance to ensure vault’s synchronization.
  • Satellite Vault is a secondary offline vault, configured on a secure isolated machine in the same network as the primary vault, easily accessible to users at the time of a Break-Glass Scenario. Satellite Vault is an offline copy of the Primary Instance of primary vault, ensuring complete synchronization by replicating a copy of privileged account credentials, whenever changed as per password rotation policy or ad hoc to maintain the latest copy.

    Satellite Vault administrators define which users or IT function owners can have access to satellite vault at the time of disaster scenario. The satellite vault authentication is also linked with a unique profile key generated from PAM at the time of user creation.

Password-Vaulting-Internal-03
When Sectona PAM is down, as per break-glass scenario, satellite vault administrators will log in to the offline vault and grant authorization for limited access to a set of users. Users can authenticate to the satellite vault with the help of their profile key and subsequently can see a list of authorized assets for the user as per defined access policy. Users can then check out the privileged account credentials to a target server/device without PAM for further use until primary PAM is up and running. The password is thoroughly audit trailed to record checkouts, which are allowed to be viewed only by the administrator.
 

Advantages of Sectona Password Vault

Apart from securing the credentials in a secure location, password vaults offer the following benefits as well:

  • Unique, random, and difficult passwords in compliance with best practice password policies.
  • Grants users the access to IT resources by logging in only once.
  • Automates the process of password change and takes away the risk of manually managing passwords

Related Articles

Password Reconciliation -Thumbnail
PAM 101 - Password Management

Password Reconciliation

Password Rotation -Thumbnail
PAM 101 - Password Management

Password Rotation

Password Reset vs Password Change -Thumbnail
PAM 101 - Password Management

Password Reset vs Password Change

RESOURCES

LEARN

COMPANY

GET SUPPORT

Sectona-logo-inverse-2
  • © 2025 Sectona Technologies Private Limited. All rights reserved. All trademarks held by their respective owners.

RESOURCES

LEARN

COMPANY

GET SUPPORT

Sectona-logo-inverse-2
  • © 2025 Sectona Technologies Private Limited. All rights reserved. All trademarks held by their respective owners.
  • Privacy Policy
  • Terms
  • Eula
  • Responsible Disclosure

RESOURCES

LEARN

COMPANY

GET SUPPORT

Sectona-logo-inverse-2
Sectona-logo-inverse-2
  • © 2025 Sectona Technologies Private Limited. All rights reserved. All trademarks held by their respective owners.
  • Privacy Policy
  • Terms
  • Eula
  • Responsible Disclosure