Tenant management best practices

This topic describes the best practices when your Secrets Hub service is suspended, activated, or deleted from your CyberArk tenant.

Action	Best practices
Suspension	After Secrets Hub is suspended: Disable Secrets Hub permissions to access secret store: In Microsoft Azure, disable the Azure application registration. In AWS, disable the AWS IAM role Disable the SecretsHub user access to Safes in Privilege Cloud, either by removing its membership in each Safe or disabling the user.
Activation	Before Secrets Hub is activated, enable everything that you disabled in Suspension If you need to update AWS IAM role or the Azure application registration details, see Edit secret store or Edit secret store.
Deletion	After Secrets Hub is deleted: Remove SecretsHub user from Privilege Cloud . Revoke Secrets Hub permissions to access secret store: In Microsoft Azure, delete the Azure application registration. In AWS, delete the AWS IAM role

Action

Best practices

Suspension

After Secrets Hub is suspended:

Disable Secrets Hub permissions to access secret store:
- In Microsoft Azure, disable the Azure application registration.
- In AWS, disable the AWS IAM role

Disable the SecretsHub user access to Safes in Privilege Cloud, either by removing its membership in each Safe or disabling the user.

Activation

Before Secrets Hub is activated, enable everything that you disabled in Suspension

If you need to update AWS IAM role or the Azure application registration details, see Edit secret store or Edit secret store.

Deletion

After Secrets Hub is deleted:

Remove SecretsHub user from Privilege Cloud .
Revoke Secrets Hub permissions to access secret store:
- In Microsoft Azure, delete the Azure application registration.
- In AWS, delete the AWS IAM role