Thycotic Community - Secret Server - Best Practices - Organizing Secrets

Thycotic Community - Secret Server - Best Practices - Organizing Secrets - Messages http://www.thycotic.com/forums/messages.aspx?TopicID=534 Thycotic Community - Secret Server - Best Practices - Organizing Secrets - Messages en-us http://blogs.law.harvard.edu/tech/rss Jitbit AspNetForum Wed, 02 Jan 2013 08:42:34 GMT Wed, 02 Jan 2013 08:42:34 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=534 Message from Nick D
There needs to be separation of corporate secrets and personal secrets, as such, separation of technologies. I would encourage users to use personal password vaults such as LastPass.

There are also some past discussions on the forum that we all discussed folder/permission structures that scale well for a large user-base. I'll see if i can dig them up, but for example we stay away from folders that are for specific teams because there is no need for them (accept if using inherit folder permissions, which we find causes more trouble than its worth). We do single departments and environments within them.]]> Wed, 02 Jan 2013 08:42:34 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=534 Message from Ray V Wed, 02 Jan 2013 01:25:05 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=534 Message from Ray V
Am considering doing it in several different ways:

Team Secrets - Access based on departmental or team ACL's. Up to a group manager to organized secrets and grant access as they see fit (example: Database Team, Security Team)
Application / Environment Secrets - Similar to the above but based on individual applications or environments (example: Active Directory Administrators, Web Application XYZ Team)
Personal Secrets - Each user can store their own secrets

Thoughts on the above? Lessons learned? I'm trying to think how I structure the Personal secrets. Is there the concept of a "Home Directory" folder for users? Or could everyone's personal secrets just go in one top level folder and permissions are set automatically? I'm thinking it makes more sense to have a Personal/Home folder with subfolder per user so permissions can be inherited more easily...
Curious to hear how others out there have done this. We have around 3000 users who may eventually have access to the system so getting this right/scalable from the get-go is important.
Thanks!
Ray]]> Wed, 02 Jan 2013 01:23:45 GMT