Skip to main content
The Delinea Secret Server secret provider connects the Orchestrator to Delinea Secret Server, a privileged access management (PAM) solution. Delinea Secret Server provides enterprise-grade credential vaulting, privileged session management, and audit-ready compliance reporting for sensitive access.
Console terminology: In the Maverics Console, Orchestrator instances and configuration delivery are managed through Deployments. When working directly with YAML, configuration is managed as files delivered via the -config flag or MAVERICS_CONFIG environment variable.

Overview

When configured with the Delinea Secret Server provider, the Orchestrator authenticates to your Delinea Secret Server instance and retrieves privileged credentials as needed. The provider supports the Delinea Secret Server REST API for retrieving secrets. Credentials are fetched at startup and cached for the duration of the Orchestrator process.

Use Cases

  • Enterprise PAM integration — connect the Orchestrator to an existing Delinea Secret Server deployment for centralized privileged credential management
  • Privileged credential checkout — check out credentials with time-limited access for audit compliance
  • Audit compliance for privileged access — maintain a complete audit trail of credential access for regulatory and compliance requirements

Configuration

Secret providers are not configured in YAML. They are set via the MAVERICS_SECRET_PROVIDER environment variable or the -secretProvider CLI flag.
Console UI documentation is coming soon. This section will walk you through configuring this component using the Maverics Console’s visual interface, including step-by-step screenshots and field descriptions.

Configuration via Environment Variable

export MAVERICS_SECRET_PROVIDER="delinea://server.example.com"

Configuration via CLI Flag

maverics -config maverics.yaml -secretProvider "delinea://server.example.com"

Referencing Secrets in YAML

Once the secret provider is configured, reference secrets in your Orchestrator YAML configuration using angle bracket syntax: 
connectors:
  - name: my-idp
    oauthClientSecret: <maverics.client_secret>

Configuration Reference

URL Structure

delinea://{server-address}

URL Parameters

ParameterRequiredDescription
Server addressYesHostname of the Delinea Secret Server instance (e.g., server.example.com)
Ensure the Orchestrator host has network access to the Delinea Secret Server REST API endpoint. Delinea authentication credentials are resolved from the Delinea client configuration on the host.

Troubleshooting

“Unauthorized” or authentication errors Verify that the Delinea credentials configured on the host are valid and have permission to access the required secrets. Check the Delinea Secret Server audit log for denied requests. “Connection refused” when starting the Orchestrator Confirm the Delinea Secret Server address is correct and that the Orchestrator host has network access to the Delinea REST API endpoint. Secrets not resolving in YAML configuration Ensure the angle bracket syntax matches the secret names in Delinea Secret Server. The namespace and key in <namespace.key> must correspond to the secret path and field stored in Delinea.

Secret Providers

Overview of all secret providers

HashiCorp Vault

External vault for secrets management