Deactivating and Reactivating Secrets
Secrets are not removed forever in Verify Privilege Vault. Instead, they are deactivated. This maintains an audit trail for secrets, even ones that are no longer used. Administrators or users with specific permissions can view or even reactivate deactivated secrets.
In rare circumstances, such as for regulatory compliance, where deactivation is insufficient, you can instead erase secrets. See Erasing Secrets for details.
To deactivate a secret:
-
Navigate to the secret View page by searching or drilling down the folder tree.
-
Click the Options dropdown list and select Deactivate. A confirmation appears.
-
Click the Confirm Deactivate button.
-
The secret is logically deleted and hidden from users who do not have a role containing the View Inactive Secrets permission.
Verify Privilege Vault uses deactivations to maintain the audit history for all data. However, deactivated secrets are still accessible by administrators (like a permanent Recycle Bin) to ensure that audit history is maintained and to support recovery. A user must have the View Inactive Secrets permission in addition to Owner permission on a secret to access the secret View page for a deactivated secret. For more information about these permissions, see Overview of Users, Roles, User Groups, and User Teams and Sharing Secrets.
To reactivate a secret:
- Navigate to the secret view page.
- Click the Active menu link and select Inactive. The secret list now shows inactive secrets.
- Click the name link for the desired secret. Its secret page appears.
- Click the Options button and select Activate.