About Secondary Approval

Secondary approval is now supported in the in the KeyControl Vault for Secrets.

• Secondary approval is enabled at the box level. Once enabled, all secrets in that box must use secondary approval for check out. For more information, see Creating a Box.

• At least one user must have the Vault Secondary Approver Policy access policy before secondary approval can be enabled. Users with the Vault Secondary Approver Policy can review and approve secondary approval requests. For more information, see KeyControl Vault for Secrets Access Policies.

• You can enable secondary approval when the box is created or at any time when you edit the box settings.

• If any secrets in the box are checked out before secondary approval is enabled, secondary approval will apply after the secret has been checked in and on subsequent checkouts.