Initial Secrets (Secret Zero)
The bootstrap process generates a number of secrets that are used to access various services in the appliance at various stages of its operation. The same output can be accessed again from the User0 home directory in case something was missed. All secrets are also securely stored in the SecretZero datastore.
Below are some sample outputs and their explanations. Please note that the secrets shown below will not work in your appliance.
Explanation of Secrets Generated
1. Application Admin Credentials
- Username: Admin@Secret0.com
- Password: p@ssword@123
- Purpose: These credentials are used to log in to the main SecretZero application. They provide administrative access to manage the application.
2. SSH Key Pair
- Public Key: securitaas.pub
- Private Key: securitaas
- Purpose:
  - The securitaas.pub file is distributed across all Unix and Windows servers. This file is downloaded from Appliance Manager which is described in this section.
  - These keys enable certificate-based login for secure access to servers.
- Note: The private key is stored securely within the appliance and does not need additional securing. It is not accessible even to an administrator. Rotating the private key is currently not possible from the UI. Please contact support@securitaas.com if that is required.
3. LDAP Credentials
- Username: sudo-readonly
- Password: ptH68mIAeyDMgeGQ
- Purpose: These credentials allow Unix servers to connect to LDAP and read sudo permissions.
- Usage: These credentials will be added to the LDAP configuration file (sudo-ldap.conf) on each Unix server.
4. API User Credentials
- Username: publicuser|ddb558b0-e9b7-4af0-84f8-684346f65458
- Password: 021819a8c797da96d271194e2bc0f1f76fdf249104912fe1556c107f87067011
- Purpose:
  - These credentials enable programmatic access to retrieve the securitaas.pub file.
  - Used for automating the deployment of the public key across the Unix and Windows estate.
5. Breakglass Access Credentials
- Username: user0_bgl
- Password: 7Y6sRCCPoLRxPJJW
- Purpose:
  - These credentials are crucial for accessing the Appliance Manager when all other login methods fail.
  - They can also be used to access the appliance from the console.
- Important: These credentials should be securely stored outside of the SecretZero application, preferably in a physical location with extremely restricted access.
Additional Notes
- The bootstrap output contains sensitive credentials and secrets. It is critical to copy and store this information securely using the "Copy Output" button provided during the bootstrap process.
- Ensure all distributed files, such as the securitaas.pub key, are securely transferred and trusted by the target servers.