Delinea Platform · Secret Server

Resilient
Secrets
Disaster Recovery for Privileged Access

Keep your organization's critical credentials available through any outage. Automatically replicate, protect, and recover your secrets — cloud or on-premises.

// ZERO DOWNTIMESECRET SERVER// PAMDELINEA PLATFORM// DISASTER RECOVERYPRIVILEGED ACCESS MANAGEMENT// ZERO TRUSTCLOUD REPLICA// ON-PREMISES REPLICASAML AUTHENTICATION// CREDENTIAL RESILIENCEBUSINESS CONTINUITY // ZERO DOWNTIMESECRET SERVER// PAMDELINEA PLATFORM// DISASTER RECOVERYPRIVILEGED ACCESS MANAGEMENT// ZERO TRUSTCLOUD REPLICA// ON-PREMISES REPLICASAML AUTHENTICATION// CREDENTIAL RESILIENCEBUSINESS CONTINUITY

Architecture Overview

How Resilient Secrets Work

Data flows from your primary Secret Server instance through an encrypted connection to the Delinea Platform — then replicates to your designated replica.

Delinea Platform

Connects to Secret Server via encrypted channel. Single source of truth for all platform logins.

Source Instance

Your primary Secret Server. Packages and transmits secrets data to the replica continuously.

Encrypted Sync

Replica pulls data packages from the source using an automated, encrypted replication connection.

Replica (Cloud / On-Prem)

Runs in read-only mode. Activates on outage — users log in via Platform credentials, SAML, or local accounts.

0

% Encrypted

0

Replica Types

0

Auth Methods

0

Downtime Goal

Replication Scope

What Gets Replicated

Resilient Secrets copies everything your team needs to keep operating. Some advanced configurations are intentionally excluded.

📁

Folders & Secrets

Subfolders, permissions, secret templates, active status, name, and all essential secret fields are replicated to the replica instance.

🔐

Roles & Permissions

All roles, their assignments to users and groups, and access control configurations are copied faithfully.

🏷️

Metadata

Metadata on secrets, folders, users, and groups that are configured for replication are included in every sync.

🚀

Launchers & Mappings

All launchers, their field definitions, mappings to secret templates, and associated secrets — excluding custom icons.

👥

Teams, Users & Groups

All user objects replicated. Delinea recommends setting replicated users inactive by default to manage licensing.

🌐

Sites

All sites replicated with the exception of site connector and engine info due to encryption constraints.

🚫

Excluded: 2FA Config

Two-Factor Authentication configuration details are not replicated to the replica instance.

🚫

Excluded: Password Change Info

Remote password changing schedules and expiration-related settings are not replicated.

Operational Guidance

Best Practices

Read-Only Mode

Always keep replicas in read-only mode during normal operation. There can only be one source of truth — your primary instance.

Geographic Distribution

For cloud replicas, deploy in a different geographic region. If both instances share a region, a regional outage could take both down.

Local Break-Glass Accounts

Create local accounts on on-premises replicas before any outage occurs. These ensure login when directory services are completely unavailable.

Configure SAML in Advance

Set up SAML with your IdP on both source and replica ahead of time. When the Platform is unavailable, SAML becomes your primary auth path.

Common Questions

Frequently Asked Questions

Knowledge Check

Test Your PAM Skills

Answer 5 questions about Resilient Secrets and Privileged Access Management.

Question 1 of 5

🛡️

Meet the Expert

Bert Blevins

AI · Identity Security · PAM · Delinea Expert

Technology entrepreneur, educator, and Certified Cyber Insurance Specialist with an MBA from UNLV and a background in advertising from Western Kentucky University. Bert bridges technical innovation and business strategy — having served as Adjunct Professor, PAM consultant, and community leader with Rotary International and the American Heart Association. He specializes in information architecture, privileged access management, and enterprise digital transformation.

PAMZero TrustDelineaDisaster RecoveryIdentity SecurityAIBlockchainCompliance

Get In Touch

Contact Bert

📞 832-281-0330 | ✉️ info@incgpt.com