Skip to main content
availability

Deployment: Invicti Platform on-demand

Secrets

The Secrets feature in Invicti Platform provides a secure central location for storing authentication credentials. Instead of entering credentials directly into scan configurations, you store them once as named secrets and reference them wherever they're needed.

This document explains how to add, edit, and delete secrets in Invicti Platform.

Why it matters

Entering credentials directly into scan configurations creates risks. Credentials get duplicated across many Targets, shared with unintended users, and remain active after team membership changes.

With secrets, you store a credential once and reference it by name in any scan configuration that needs it. When a password changes, you update it in one place and every configuration using that secret picks up the change automatically. Access control works at the secret level - you can restrict a credential to specific teams or users without touching individual scan settings.

Secret values are write-only: once saved, they can't be retrieved or displayed. This limits exposure to the credential itself.

Secrets overview

You access the Secrets page from Scans > Secrets in the left-side menu. The page lists all secrets you can access, with the following columns:

  • Name - the identifier you assigned to the secret.
  • Assigned to - who has access to the secret.
  • Last used - the date the secret was last used in a scan.
  • Modified - the date the secret was last updated.
Secrets page listing secrets with Name, Assigned to, Last used, and Modified columnsSecrets page listing secrets with Name, Assigned to, Last used, and Modified columns

Add a secret

  1. Select Scans > Secrets from the left-side menu.
  2. Click Add new secret.
  3. Enter a Name for the secret. Use something descriptive that identifies the credential, for example, staging_pass_John. The name can contain only letters, numbers, hyphens, and underscores.
  4. Enter the Value - the actual credential to store. The value is masked and can't be retrieved after saving.
  5. Under Secret availability, select who can use this secret:
    • Only me - only you can access the secret.
    • Entire org - all users in your organization can access the secret.
    • Specific teams - only users in the selected teams can access the secret. After selecting this option, click Assign teams, check one or more teams in the list, and click Assign team to confirm.
    • Specific users - only the selected users can access the secret. After selecting this option, click Assign users, check one or more users in the list, and click Assign user (n) to confirm, where n is the number of selected users.
  6. Click Save.
Add Secret dialog with Name and Value fields and Secret availability optionsAdd Secret dialog with Name and Value fields and Secret availability options

Edit a secret

You can update a secret's value, availability level, and team or user assignments. The secret name can't be changed after creation.

  1. Select Scans > Secrets from the left-side menu.
  2. Click the pencil icon next to the secret you want to edit.
  3. To change the stored credential, enter a new value in the Value field. Leave it empty to keep the current value.
  4. Update Secret availability and assignments if needed.
  5. Click Save.

Delete a secret

Deleting a secret may break scan configurations

If a scan configuration references this secret, it stops working after you delete the secret.

  1. Select Scans > Secrets from the left-side menu.
  2. Click the trash icon next to the secret you want to delete.
  3. Type the secret name in the confirmation field.
  4. Click Delete.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?