diff --git a/README.md b/README.md index 8087889..a08b821 100644 --- a/README.md +++ b/README.md @@ -115,13 +115,14 @@ Data ``` { "deviceName": "", - "deviceCategory": "" + "deviceCategory": "", + "userName": "" } ``` Must be logged in to execute this command. Only secrets registered with the current user's RoleId can be retrieved. -Either deviceName or deviceCategory can be specified (or both). Wildcards are supported for both deviceName and deviceCategory fields. +Either deviceName or deviceCategory can be specified (or both). Wildcards are supported for both deviceName and deviceCategory fields. userName can also be specified in conjunction with deviceName or deviceCategory. 1. The percent sign % wildcard matches any sequence of zero or more characters. 2. The underscore _ wildcard matches any single character. diff --git a/controllers/retrieve_secrets.go b/controllers/retrieve_secrets.go index 21733fa..77856c1 100644 --- a/controllers/retrieve_secrets.go +++ b/controllers/retrieve_secrets.go @@ -12,6 +12,7 @@ import ( type RetrieveInput struct { DeviceName string `json:"deviceName"` DeviceCategory string `json:"deviceCategory"` + UserName string `json:"userName"` } type ListSecret struct { @@ -46,6 +47,7 @@ func RetrieveSecret(c *gin.Context) { s.RoleId = u.RoleId s.DeviceName = input.DeviceName s.DeviceCategory = input.DeviceCategory + s.UserName = input.UserName // Don't apply a role filter if user has admin role results, err = models.GetSecrets(&s, u.Admin) diff --git a/models/secret.go b/models/secret.go index 611a055..42e091c 100644 --- a/models/secret.go +++ b/models/secret.go 
@@ -56,12 +56,20 @@ func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
 if adminRole {
 // Determine whether to query for a specific device or a category of devices
 // Prefer querying device name than category
- if s.DeviceName != "" && s.DeviceCategory != "" {
+ if s.DeviceName != "" && s.DeviceCategory != "" && s.UserName != "" {
+ rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND UserName = ?", s.DeviceName, s.DeviceCategory, s.UserName)
+ } else if s.DeviceName != "" && s.UserName != "" {
+ rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND UserName = ?", s.DeviceName, s.UserName)
+ } else if s.DeviceCategory != "" && s.UserName != "" {
+ rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND UserName = ?", s.DeviceCategory, s.UserName)
+ } else if s.DeviceName != "" && s.DeviceCategory != "" {
 rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ?", s.DeviceName, s.DeviceCategory)
 } else if s.DeviceName != "" {
 rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ?", s.DeviceName)
 } else if s.DeviceCategory != "" {
 rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ?", s.DeviceCategory)
+ } else if s.UserName != "" {
+ rows, err = db.Queryx("SELECT * FROM secrets WHERE UserName LIKE ?", s.UserName)
 } else {
 rows, err = db.Queryx("SELECT * FROM secrets")
 //log.Printf("GetSecret no valid search options specified\n")
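Review bot: The userName filter is matched two different ways in this hunk: the three combined branches use `UserName = ?`, while the userName-only branch uses `UserName LIKE ?`, so `%` and `_` in that field act as wildcards for one request shape and as literal characters for another. The second hunk (the non-admin branch) repeats the same split. The README change in this commit lists wildcards only for deviceName and deviceCategory and describes userName as used together with one of them, so the userName-only LIKE path is undocumented. If exact matching is what is intended, the last added branch should read `rows, err = db.Queryx("SELECT * FROM secrets WHERE UserName = ?", s.UserName)`; otherwise the README should say userName accepts wildcards. GetSecrets starts and ends outside the hunk.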
@@ -71,12 +79,20 @@ func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
 } else {
 // Determine whether to query for a specific device or a category of devices
 // Prefer querying device name than category
- if s.DeviceName != "" && s.DeviceCategory != "" {
+ if s.DeviceName != "" && s.DeviceCategory != "" && s.UserName != "" {
+ rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND UserName = ? AND RoleId = ?", s.DeviceName, s.DeviceCategory, s.UserName, s.RoleId)
+ } else if s.DeviceName != "" && s.UserName != "" {
+ rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND UserName = ? AND RoleId = ?", s.DeviceName, s.UserName, s.RoleId)
+ } else if s.DeviceCategory != "" && s.UserName != "" {
+ rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND UserName = ? AND RoleId = ?", s.DeviceCategory, s.UserName, s.RoleId)
+ } else if s.DeviceName != "" && s.DeviceCategory != "" {
 rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND RoleId = ?", s.DeviceName, s.DeviceCategory, s.RoleId)
 } else if s.DeviceName != "" {
 rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND RoleId = ?", s.DeviceName, s.RoleId)
 } else if s.DeviceCategory != "" {
 rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND RoleId = ?", s.DeviceCategory, s.RoleId)
+ } else if s.UserName != "" {
+ rows, err = db.Queryx("SELECT * FROM secrets WHERE UserName LIKE ? AND RoleId = ?", s.UserName, s.RoleId)
 } else {
 rows, err = db.Queryx("SELECT * FROM secrets WHERE RoleId = ?", s.RoleId)
 //log.Printf("GetSecret no valid search options specified\n")
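Review bot: In the non-admin branch the `AND RoleId = ?` predicate, which is what confines a caller to their own role's secrets, is now hand-copied into eight separate query strings, and each further optional search field doubles that number; a single branch added without it would return other roles' rows. Building the WHERE clause incrementally from fixed fragments and appending the role predicate in exactly one place removes that risk, and the same code then replaces the admin chain in the first hunk. All values still travel through `?` placeholders, so the query stays parameterized. The fence keeps `UserName = ?` as the combined branches have it; GetSecrets begins and ends outside the hunk, so the setup above and the row scanning below are assumed unchanged.

```go
// … unchanged: GetSecrets signature and setup above the hunk …
query := "SELECT * FROM secrets WHERE 1=1"
var args []interface{}
if s.DeviceName != "" {
	query += " AND DeviceName LIKE ?"
	args = append(args, s.DeviceName)
}
if s.DeviceCategory != "" {
	query += " AND DeviceCategory LIKE ?"
	args = append(args, s.DeviceCategory)
}
if s.UserName != "" {
	query += " AND UserName = ?"
	args = append(args, s.UserName)
}
// The role filter is added in one place only, so no combination of
// search fields can reach the database without it for non-admin callers.
if !adminRole {
	query += " AND RoleId = ?"
	args = append(args, s.RoleId)
}
rows, err = db.Queryx(query, args...)
// … unchanged: error handling and row scanning below the hunk …
```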