Secrets are objects used to store credentials and related information, typically for authentication during discovery.
To maintain a high security posture, you must initialize the vault with a master passphrase before creating your first record. This passphrase is used to encrypt all stored passwords. If you migrate your data to a new appliance via backup and restore, this passphrase is required to decrypt and view your secrets.
Create a master passphrase
You must perform this one-time setup before adding any credentials to the system.
Navigate to Tools > Settings > Password Security.
Enter a passphrase between 12 and 32 characters in length.
Save the passphrase in a secure, external location.
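One way to generate and check a passphrase that fits the 12 to 32 character limit above, as an added example that is not part of the product or its documentation. The character classes, the rule that each class must appear, and the set of special characters the field accepts are assumptions, borrowed from the generator's complexity options described on this page.

```python
import math
import secrets
import string

MIN_LEN, MAX_LEN = 12, 32  # length limits stated on this page

# Assumed character classes; the set the passphrase field accepts is not documented here.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!#$%&*+-=?@^_",
}
ALL = tuple(CLASSES)


def check_passphrase(value, classes=ALL):
    """Return a list of problems; an empty list means the value passes."""
    problems = []
    if not MIN_LEN <= len(value) <= MAX_LEN:
        problems.append(f"length {len(value)} is outside {MIN_LEN}-{MAX_LEN}")
    for name in classes:
        if not any(ch in CLASSES[name] for ch in value):
            problems.append(f"no {name} character")
    return problems


def generate_passphrase(length=24, classes=ALL):
    """Draw a passphrase from the OS CSPRNG that contains every requested class."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    if not classes or any(name not in CLASSES for name in classes):
        raise ValueError("unknown or empty class selection")
    alphabet = "".join(CLASSES[name] for name in classes)
    # Rejection sampling: draw every position uniformly and retry until all
    # classes appear, so every compliant string stays equally likely.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_passphrase(candidate, classes):
            return candidate


def entropy_bits(length, classes=ALL):
    """Upper bound in bits: length * log2(alphabet size)."""
    return length * math.log2(sum(len(CLASSES[name]) for name in classes))


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, f"(at most {entropy_bits(len(phrase)):.0f} bits)")
```

Run it on a trusted workstation and move the output directly into the external location where the passphrase is kept.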
Add a new secret
You can create secrets from the main menu or directly within discovery job configuration pages.
Navigate to Resources > Secrets > All Secrets and click Create.
Fill in the following identification fields:
Username: Required for identification and searching.
Label: An optional descriptive name to differentiate between similar accounts.
Category: Group the secret by type (e.g., Windows, Network, Database).
Devices/Application Components: Optionally link the secret to specific assets for centralized management.
Configure the credential details:
Password Storage: Choose Normal (retrievable) or Burnt (non-retrievable).
Key File: Upload a private key if the secret uses key-based authentication.
# Days Before Expiration: Define a rotation window.
Click Save.
Generate a secure password
If you are creating a new account, you can use the built-in generator to ensure high entropy.
Click Generate Password at the top right of the Add Secret page.
Click Use to insert the string or Generate Other for a new option.
To change the default complexity (case, numbers, special characters), visit Tools > Settings > Global Settings.
Assign permissions
At least one user or group must be granted permission to view and edit the secret to prevent it from becoming inaccessible.
View Users/Groups: Can see the secret details.
Use Only Users/Groups: Can utilize the secret for discovery but cannot view the plain-text password.
View Edit Users/Groups: Full administrative control, including deletion.
Note: If these fields are left empty during creation, the system automatically assigns View Edit permissions to the logged-in user who created the record.
View and search secrets
Access your stored credentials through the centralized vault list.
Navigate to Resources > Secrets > All Secrets.
Use the search bar to find secrets by username, label, device name, or notes.
Displaying Passwords: By default, passwords are obscured. Click the blue eye icon to reveal the password or the copy icon to add it to your clipboard.
Modifying Records: Click the Username to view the details, then click Edit to reach the change password page.
Important security notes
Search Limitations: The global search bar does not return matches for the passwords themselves; you must perform searches within the All Secrets list page.
Audit Trail: All additions, edits, and view operations are logged to ensure administrative accountability.