Checkout Overview

Introduction

The Verify Privilege Vaultcheckout feature forces accountability on secrets by granting exclusive access to a single user. If a secret is configured for check out, a user can then access it. If Change Password on Check In is turned on, after check in, Verify Privilege Vault automatically forces a password change on the remote machine. No other user can access a secret while it is checked out, except unlimited administrators. This guarantees that if the remote machine is accessed using the secret, the user who had it checked out was the only one with proper credentials at that time.

The exception to the exclusive access rule is unlimited administrators. If Unlimited Administration is enabled, users with Unlimited Administrator role permission can access checked out secrets.

Secrets with a QuantumLock cannot be configured for check out.

Exclusive Access

Any user attempting to view a checked-out secret is directed to a notification dialog informing them when the secret is available. Verify Privilege Vault automatically checks in secrets after either 30 minutes or the interval specified on the secret. Users can check in the secret earlier from the secret's page.