Unit Password Management for Privileged Accounts

Managing passwords, encryption keys, and other privileged credentials is an important component of privileged account management. The university has licensed Passwordstate for password management within U-M units.

Passwordstate is an on-premise, web-based solution for enterprise password management that allows teams of people to access and share sensitive password resources. It is typically used for managing elevated and administrative passwords, as well as passwords for smaller proprietary systems, such as research databases.

Implementation requires, at a minimum:

  • A Microsoft SQL server
  • A server running Internet Information Services (IIS)
  • Ongoing administration of those servers

Use of U-M's Passwordstate license is intended for unit and research project implementations; it is not available to individuals other than through their units.


  • Allows for centralized, secure storage of passwords and SSH keys, with support for many different applications, server platforms, and services.
  • Supports role-based access control features to restrict and grant access to passwords by defined groups.
  • Provides the ability to automatically randomize, manage, and change vault passwords.
  • Supports Duo two-factor authentication.

Attention Michigan Medicine Units: Michigan Medicine units should not implement Passwordstate. Please contact Health Information Technology & Services (HITS) for information about appropriate password management for Michigan Medicine units.

Using Passwordstate

The Passwordstate software is available directly from the Click Studios website. It is licensed only for U-M unit and research use. The license is available in a U-M Dropbox Passwordstate folder (U-M login required). Documentation regarding installation at U-M is also available in that folder.

Support for Passwordstate is available from the vendor, Click Studios: