How is Secret Server licensed? What about licenses for DR, staging and test?

Root > Secret Server

Anyone who logs into Secret Server will need their own user license. Secret Server is licensed per named user (not concurrent). It is not licensed by the number of passwords stored.


Does it matter how many passwords are stored?

No, Secret Server is licensed based on the number of users that can log in to Secret Server - not the number of passwords stored.

Testing/Staging/Disaster Recovery environments

Each Secret Server license may only be used on one production instance. You may also use your licenses in a non-production environment for testing/staging or disaster recovery purposes only. A Secret Server instance is defined as being a specific set of Secrets and users (regardless of database mirroring, clustering configurations, etc.).

What about "deleted" or inactivated users?

Any user can be disabled in Secret Server at any time using the Administration | Users screen. Disabled users don't count towards the license count. The user can later be reenabled if necessary. This allows you to maintain an accurate history of secrets in your system even when employees leave the company.

What about API users - do they count towards the license count?

You need a user account to access the Secret Server web services or API.  If you have Enterprise Plus Edition then you can mark these API users as Application Accounts (done per user under Administration | Users) and they won't count towards your license count.  (This is typically done for user accounts that correspond to service accounts or Application Servers).  These Application Accounts are only be able to use the API - they won't be able to log in using a web browser.

How many installations of the protocol handler are covered by my licensing?

As many as you need. There is no limit to the number of times your users can download and install the protocol handler. The protocol handler is installed on user workstations to allow them to use the Launcher feature, which is offered in all editions of Secret Server. It is often deployed via GPO in customer environments. For more details about the protocol handler, see Protocol Handler Launcher - General Information.


  1. One Secret Server environment for 40 admins with Professional Edition = 40 user licenses + Professional Edition license
  2. Two Secret Server environments - one for 20 admins and Enterprise Edition and one for 50 admins and Enterprise Edition = 70 user licenses + 2 Enterprise Edition licenses
  3. One Secret Server environment for 20 admins and Enterprise Plus Edition with a duplicate environment for disaster recovery (secondary site with a mirrored database) = 20 user licenses + 1 Enterprise Plus Edition license.

Add Feedback