Thycotic incident
Secret Server Cloud: US - Investigating UI and RPC issues
Thycotic experienced a minor incident on July 9, 2026 affecting Secret Server Cloud, lasting 2h 45m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- investigating Jul 09, 2026, 07:57 PM UTC
Our team is aware of an issue affecting RPC and is actively investigating. We will provide additional updates as more information becomes available.
- identified Jul 09, 2026, 08:00 PM UTC
We have identified the root cause and are actively working to mitigate the issue. Further updates will be provided as they become available.
- monitoring Jul 09, 2026, 08:33 PM UTC
We have implemented a fix and are currently monitoring. Further updates will be provided soon.
- resolved Jul 09, 2026, 10:42 PM UTC
We are pleased to inform you that the incident affecting US Secret Server Cloud has been resolved. Our team has implemented a fix, and all systems are now operating normally. We apologize for any inconvenience this incident may have caused, and we appreciate your understanding and support. For any questions or concerns, please reach out to our support team at https://support.delinea.com.
- postmortem Jul 10, 2026, 12:38 AM UTC
## Incident Overview On July 9, 2026, customers in the SSC US region experienced degraded secret access for approximately two hours. Affected customers were unable to reliably view secrets, launch remote sessions, or perform RPC operations during the impact window. * Start: July 9, 2026, 1:52 PM Central \(6:52 PM UTC\) * End: July 9, 2026, 3:55 PM Central \(8:55 PM UTC\) ## Root Cause and Remediation During routine investigation of an unrelated alert, a credential used by our internal messaging infrastructure was regenerated. This infrastructure supports background processing, web requests, and session handling across the SSC US region, and all of these components authenticate using the same credential. The regeneration invalidated all active connections immediately, with no transition period. This caused background processing to stop and web requests that depend on the messaging layer to hang and eventually fail. To remediate, Our team updated the affected systems with the new credential and restarted the impacted services. Connectivity was automatically re-established once services restarted. No action was required from customers. Recovery was confirmed at 3:55 PM Central. ## Preventative Actions * Implement change-control gates on root key operations against production namespaces to prevent unreviewed key rotations. * Add alerting on messaging error rates so a degraded state is detected and surfaced immediately, rather than during unrelated investigation. We sincerely apologize for the disruption this caused and the inconvenience to your operations. We are committed to preventing recurrence through the above actions.