Login
Support home

Resources

Community Video Library Agent Training

Products

Freshservice Freshdesk Freshchat Freshcaller Freshsales Freshteam Freshworks Neo Freshsurvey
Freshservice for MSP
Solution home Freshservice IT Asset Management Passwords

Manage Secrets, Security, and Permissions

Modified on: Tue, 31 Mar, 2026 at 5:52 PM

Secrets are credentials saved to the inventory for automated tasks. To maintain a high security posture, permissions are assigned to each Secret for specific Users, Admin Groups, or both.

All secrets are stored using AES-256-bit encryption, which is gated by a user-defined passphrase. These credentials remain encrypted within the database and during backup processes. Every operation including adding, viewing, changing, or deleting a secret—is recorded in a comprehensive audit trail to ensure full accountability.

Configure global permissions

Define the high-level capabilities for administrative groups. Note that global permissions cannot be assigned directly to an individual user; users must be members of an Admin Group.

  1. Navigate to Tools > Admin Groups.

  2. Select a group and assign the following global permissions as needed:

    • Add: Allows group members to create new Secrets.

    • View / Change: Required to see the Secret menu. This enables the group to see that a Secret exists, but granular access is still required to interact with specific records.

    • Delete: Required to see the delete button. If a user has permission to change a Secret, they generally also have the ability to delete it.

Set permissions for individual secrets

When adding or editing a record under Resources > All Secrets, you can define granular access across six specific categories:


Permission Level

Applied to Users

Applied to Admin Groups

View

Users who can view the secret details.

Groups who can view the secret details.

Use Only

Users who can utilize the secret for discovery.

Groups who can utilize the secret for discovery.

View & Edit

Users who can view and modify the secret.

Groups who can view and modify the secret.


Important: At least one User or Admin Group must have permission to edit a Secret to prevent it from becoming inaccessible. If no permissions are specified, the user who created the Secret is granted view/edit permission by default.

Perform bulk permission changes

Update the access levels for multiple credentials simultaneously.

  1. Navigate to the Secrets list page.

  2. Select the target secrets and choose Change group permissions for selected passwords from the Actions menu.

  3. Use the checkboxes to clear existing group permissions if necessary.

  4. Select the new permission groups from the dropdown menu and save.

Security and session behavior

Understand the safeguards in place to protect sensitive data during active sessions.

  • Masking: Secrets are not displayed in the list page by default. Click the eye icon next to a Secret to reveal the plain-text value.

  • Session Timeout: After one minute of inactivity on a specific password page, the session will time out.

  • Global Timeout: A master timeout value in the Appliance Manager controls the overall session duration for all users.

  • Encrypted Backups: Backup files are encrypted with a user-entered passphrase. Neither the database passphrase nor the backup passphrase is included within the backup file itself; these must be stored externally and securely.