Erasing Secrets
Erasing a secret permanently destroys (scrambles) the secret's data and makes the secret less visible to both users and admins. However, for users who have access to inactive secrets, the secret is still visible in the folder view for auditors and other secret users to confirm data destruction.
Erasure is primarily for regulatory compliance. Deactivation is for day-to-day operations.
Erasing and deactivating secrets are not the same thing. When deactivated, secrets are not removed forever. This maintains an audit trail for secrets, even ones that are no longer used. Administrators or users with specific permissions can view or even reactivate deactivated secrets. See Deactivating and Reactivating Secrets for details.
Task 1: Configuring Secret Erase
-
Ensure that you have a workflow license for Verify Privilege Vault.
-
Go to Admin > Roles in Verify Privilege Vault:
-
Create a new role named "Secret Erase Requester" or "Secret Erase Administrator" (see Creating Roles for details), assigning it the "Erase Secret" permission:
You can name the role anything you desire, but we recommend the above for clarity.
The "Erase Secret" role permission allows users with the role to create secret erase requests and view secret erase administration pages.
-
Go to Admin > Groups. The Groups tab of the User Management page appears:
-
Create a group named "Secret Erasers" and give it the "Secret Eraser" role:
-
Click the Members tab to add yourself to the Secret Erasers group.
-
Go to Admin > Workflows:
-
Create a "Secret Erase Requests" workflow template, assigning it the Secret Erase Request type. The Designer tab for the new workflow appears:
-
Assign one or more users or groups as approvers by typing each in the search text box in the Add Groups / Users section and then clicking your choice when it appears. It then appears in the Approvers list box.
We chose to have the approvers be the same group as those that can make the requests, but you can choose any groups or users you like or make a group just for approvals. The important thing is the same user cannot both make the request and approve it—that way, a single person cannot make an irreversible, potentially very harmful, mistake. -
Click the Save button. The result looks like this:
-
Go to Admin > Configuration:
-
Click the Security tab.
-
Click the Edit button at the bottom of the page. The page becomes editable.
-
Click to select the Enable Secret Erase check box in the Secret Erase section. The Secret erase Workflow dropdown list appears:
-
Click the Secret Erase Workflow dropdown list and select Secret Erase Request.
-
Click the Save button. Secret Erase is now set up.
Task 2: Erasing a Secret
-
Ensure the following requirements are met for the secret you intend to erase—ensure the secret:
- Is inactive
- Is owned by you
- Does not have a pending secret erase request
- Is not double-locked
- Is not checked out by another user
- Is not a discovery secret
- Is not a domain sync secret
-
For purposes of this instruction, create a secret for testing in your personal folder. For now, do not use an existing one to ensure all the requirements are met.
-
You can erase the secret via a dashboard bulk operation or from the More button on the top right of the secret itself. For a bulk operation, erase is accessed by the Bulk Actions button. Erase Secrets is in the Security section of the Bulk Actions popup. See Running Dashboard Bulk Operations.
If the "Erase Secrets" link does not appear in the Security section (when erasing from the dashboard) or "Erase" is not available on the More button (when erasing from the General tab) you may have not properly configured secret erase (see Task 1) or the secret might not meet one of the requirements above. -
When you click the Erase Secrets link, the Erase Secrets popup appears:
Here, you are essentially setting up a erase secrets request. The access request is sent to the users or user group you designated earlier.
-
Use the calendar and time widgets to set the Erase After Date. It must be minimum of 24 hours away to give the erase secrets request time to process. If you set it to less than that, you cannot continue the process.
-
Type your reasoning for permanently erasing the secret or secrets in the Reason text box. This is not tedium—the granter will need this to decide whether to let you take this irreversible, destructive action. Specifically, explain why a deactivation is not sufficient.
-
Click the Erase button. A confirmation popup appears:
-
Pause a second, and make sure you are sure.
-
Click the Erase Secrets Forever button.
-
When the erase request is approved, the secret or secrets will be erased by an automated process after the "erase after" date and time arrives.