Forum / Remote Desktop Manager - Feature Request

Accessing credentials stored in private vault

  • Create an Issue
  • Cancel

It is currently possible to create credential objects in the Private Vault, but while it's possible to select those credentials via user-specific override, there is no way to link private vault credential entries by name to global session settings, so I would like to request this as a new feature.

If it were possible, the idea would be that you could set the name of a private vault credential entry globally, and then as long as anyone else using RDM had a private vault credential entry with the exact same name, RDM would use those credentials, otherwise the user would be prompted to enter credentials manually. RoyalTS currently has a similar capability, and I'm trying to get a team that uses RoyalTS to convert to RDM, but would need the ability to link to private vault credentials by name in order to emulate that behavior.

In terms of how this would be implemented, I would suggest adding the "Private Vault credential entry" option found in the user specific settings to the Credentials drop-down list in the global session settings dialog. With this implemented, a new user would only have to create their private credentials entry with the appropriate name, and would not also have to define user-specific credential settings for all their sessions.

Clock4 yrs

Hello Bradley,
It's a good idea. RDM could prompt for the credential list if more than one credential entry is found in different folder.

What do you think?

David Hervieux

signaturesignature

Clock4 yrs

Hmm, that sounds like an additional tweak to my original suggestion, but yes, if more than one match is found, it would make sense to then prompt for which one to use. Either that, or make an option where if public and private credentials are found with the same name, the private one would automatically override the public one. If multiple private or private entries are found with the same name, there would still need to be a prompt though.

Clock4 yrs

Hi,
my collegue asked for a similar feature.

but plz make a selectable entry like "global define PV credentials" and add a feature to PV-Credentials-Entry to mark it as global useable.
I'm afraid, that there happens a lot of confusion to users if they dont want to user PV-Global-Credentials and have same named entries ....

anyway i think its a great feature-request.

regards,
markus

Best Regards
Markus

======================

Clock4 yrs

Hello Markus,
You want the entry in the private vault to be marked as global selectable? It could be an opt-out instead of opt-in checkbox?

David Hervieux

signaturesignature

Clock4 yrs

hi David,
i think i don't understand what you mean.....

Best Regards
Markus

======================

Clock4 yrs

So it looks like it me that does not understand what you mean

David Hervieux

signaturesignature

Clock4 yrs

ok, i meant that a pv-cred-entry should have a check-box to enable it to be global selectable.
by default it should not be global selectable (because thats why it is in pv ...)

Best Regards
Markus

======================

Clock4 yrs

But just to be sure even if its global selectable it will still only be usable by you and not by the other users.

David Hervieux

signaturesignature

Clock4 yrs

right!

Best Regards
Markus

======================

Clock4 yrs

maybe the difficult part is, that if you create a entry and use that global-pv-cred
you can't use the database-id of the global-pv-cred-entry because then it would be useless for others.

in case you use a global-pv-cred in a entry you have to only save the entry "name" or "title", so everyone with a global-pv-cred with the same "name" or "title" can use it.

Best Regards
Markus

======================

Clock4 yrs

Exactly. In this case the name will be used as a tag to apply your own credentials. Eventually it could also be a specific property used to link the global with the private.

David Hervieux

signaturesignature

Clock4 yrs

Hello,

You will be able to use this feature for remote sessions. There will be an option in the "credentials" box called "Private vault search" which will allow you to type in a field the name you will look for in the private vault. If it finds it, it will use it to open the session, if it doesn't find it, it will let you choose an available private vault session.

When executing the search, it will only look for credentials marked as available globally. Credentials will have this option when used in the private vault. The default is "unavailable". You can change this for each credential or in File > Options > Types > Credentials

I think both of these changes answer the feature requests. If we misunderstood something, feel free to tell us.

This will be available in the next version of RDM.

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

Thanks Hubert. Looking forward to it!

Clock4 yrs

Hi Hubert,
trying to use that new feature.

plz make "private vault search" also available for batch-edit!

thx

regards,
markus

Best Regards
Markus

======================

Clock4 yrs

Hello Markus,

That's a good idea, we'll work on a batch edit/batch action for this.

If you wanted another option that could edit a bunch of connections and set them to private vault search with a specified string, you could do the following: Select the entries you want to change > Right click > Edit > Batch edit > Batch Action > Custom powershell command. For the command, enter these commands

$connection.CredentialConnectionID = "88E4BE76-4C5B-4694-AA9C-D53B7E0FE0DC"
$connection.CredentialPrivateVaultSearchString = "SEARCH_STRING"
$RDM.Save();

This will change the connection's credential mode to Private Vault Search and change the value of that string to whatever you put instead of "SEARCH_STRING". This is just a workaround until we get to making an easier to use batch edit for this.

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

Just a heads up, the next version of RDM will allow using the private vault search option in a batch edit (change saved credentials).

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

Hello again! I just installed RDM 11 to test this new feature, and while I see the new "Private vault search" option in the Credentials drop-down list on individual sessions, that option appears to be missing from the Credentials drop-down on groups/folders. Is this a technical limitation, or was this just omitted by accident?

Clock4 yrs

Hello Bradley,
I don't think it's a technical limitation. We will add this soon in a minor upgrade if it's possible.

David Hervieux

signaturesignature

Clock4 yrs

This feature sounds great, however I can't seem to get it to search within a credential repository for example LastPass. I created a LastPass entry named Test and selected Private Vault Search and put Test in for the name. It was unable to select the appropriate login credential. I can manually navigate and select it so the visibility/login is fine.

Clock4 yrs

Hi,
Could you send few print screen to support at devolutions.net? I will verify what could be wrong.

David Hervieux

signaturesignature

Clock4 yrs

Hi,

Could you make sure that in your credential entry, the global availability is set to Available? If you set it to default, could you check in File > Options to see if the default value is available?

g1
g2

With both of these methods, it works in our environment. As David said, if that isn't the issue, screenshots would be appreciated.

Regards,

Hubert Mireault

signaturesignature

g1.jpg
g2.jpg
Clock4 yrs

So I have a LastPass account configured as shown:
LastPass Setup

I then created a Test Connection as shown:
TestConnection

When I double click the Test connection I get the following:
Connection Opened

Typing Test into the search field results in this:
Connection Search

Double clicking the LastPass entry you can see that there is a stored password called Test:
Connection Double

Credentials like Hubert shows works fine, the problem is searching with a LastPass credential repository. Hope this helps!

TestConnection.PNG
LastPass-Setup.PNG
Connection-Opened.PNG
Connection-Search.PNG
Connection-Double.PNG
Clock4 yrs

Hello Patrick,
It might not be related but we have uploaded an updated version (11.0.1.0). It's possible that it contains a fix for your issue. We have fixed a side effect that could be linked.

Regards

David Hervieux

signaturesignature

Clock4 yrs

I have downloade and installed 11.0.1.0, however the issue is still as depicted above.

Clock4 yrs

Thank you Patrick,
I will let our team continue the investigation. At least now we know it's not related to the other bug.

Regards

David Hervieux

signaturesignature

Clock4 yrs

Hi Patrick,

We discussed this and your specific use case is not supported.

The search string you enter is the name of the LastPass entry itself, for example, but not a credential inside the LastPass vault. Searching deeper in the entries is an interesting feature to add but we'd have to check how to make it work.

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

@Bradley: Support for private vault search for group will be added in the next version.

Regards,

Hubert Mireault

signaturesignature

Clock4 yrs

Hi,
I just want to say Thanks for that great feature.

Since introduction we are using PV-Credentials a lot for our sessions.
Can't remember how we did without it.

Regards,
Markus

Best Regards
Markus

======================

Clock3 yrs

smile

David Hervieux

signaturesignature

Clock3 yrs