Rest API v1 / includePasswords or includeSensitiveData

Hello,

Thank you for reaching us for that issue. Could you try with a credential entry ? Because you have the right URL, it should work. We don't support all entry types though. We support all credential types and password list could be different since there is many passwords in it.



Let us know if it works for a Username and password entry.

Best regards,

A serperate credential works indeed.

Will other entry types be added in the future to this endpoint ?
We never use serperate credentials etc :)

id          : df8ba509-a301-48cf-ab8f-bbe311703291
name        : test
description : 
path        : redacted
type        : Credential
tags        : {}
data        : @{domain=; password=test2; username=test}
modifiedOn  : 9/12/2024 8:31:26 AM
modifiedBy  : 
createdOn   : 9/12/2024 8:31:26 AM
createdBy   : AzureAD\redacted

Hello,

We started to support those because we thought the api would be more for DevOps purposes, but we notice that people want to use it in different use cases. What is your use case to get password from session throught the public API ? I will have a look if it would be possible.

Best regards

We are using this for our devops environment,

we need credentials from live stuff from our devolutions database.
if one changes a password, they change it in devolutions, thus, changing it automatically in our devops pipeline.

every credential is 'gated' behind the devolutions application password / keys
every script we have, uses devolutions to gather the required credentials, to access authenticated resources.

Hello,

We will analyze that in our next development cycle and see what could be possible. Meanwhile, you could link a credential entry to your RDP session so you could get the password from the credential entry without any problem. We will post back here once we have an update.

Best regards,

Thank you.

This perhaps also might be of interest to you, but, there's also this module.
Devolutions/devolutions-server: Devolutions Server REST Services (github.com)

unfortunately, that module is deprecated.

we depend heavily on this module,..... you don't wanna know....

i am so, so afraid that at some point in time, some update, will brick this module.
Then we have to rely on the heavyweigth devolutions.powershell module

If we could "just" query all types of credentials from the api, without having to load the whole devolutions.powershell module, that would cover 99% of our usecase.
The above module can do it
the rest of the uses, we can do with the devolutions.powershell module.

Would it be possible, to (perhaps?), but it a bit higher on the agenda.
Im dying to rewrite our functions to use a supported API.

Hello,

You are right, the Devolutions Server module is deprecated, but it has migrated to the Devolutions module. (Devolutions.PowerShell). PowerShell 7 is required for that module, but other than that, the migration from Devolutions Server module to that one should be straight forward. If it is not the case, don't hesitate to let us know, we will help you with pleasure.

In our next development cycle (2025.1), we plan to improve our public API to be able to get passwords from sessions and other entries. We will keep you posted for that. A version should be available January/February next year.

Best regards,

I can live with january / febuary next year :) Thank you very much for this.

As far as i know, the Devolutions.Powershell module is the successor or the old RemoteDesktopManager module (right ?)
I view this module as a "remote desktop client, but in powershell". Way overpowered for what we need it for ;)
A heavy hitter, The importing of the module takes alot of resources. as well as connecting, and the junk / cache it leaves behind.

The old Devolutions-Server module on github, "isn't a RDM client", but rather a wrapper, which fetches connections and secrets from the (internal) DVLS api.
We do not "download" sessions, but rather, do small effective little queries to get only the data we need.
It doesn't require the whole DLL library etc,..
The old devolutions-Server module on github Is a whole other product compared with the current devolutions.powershell module.

Am i seeing this wrong then ? :)

But, it doesn't matter anyhow, anymore.
2025.1 solves this.

Thank you for this !

Hello,

You are correct, Devolutions.Powershell is the successor of RemoteDesktopManager module. We merged everything in one module to simplify documentation, management and messages to customers. We will work on our Public API and will let you know when we have an update.

Best regards,

Hello,

Before implementing a solution for that and add a way to get password on different connection type, I just noticed that I don't have the exact connection type that you are using. I just want to be sure that I will cover your case at least. In one of your first message, I can see that you tried an RDP connection (I can see type : RDPConfigured in the server response). I'm assuming that I have to send back password for RDP connection at least, but do you expect to be able to get password from other type ? There are some types that will be harders and not sure we will support them in a first iteration.

Best regards,

we use RDP, Web, SSH.
In all cases, our objects have linked credentials to a password list. (multiple objects can use the same password, etc)

we also query "password lists" based on the object id. (all usernames / passwords / domain / host etc from this list in an array)

These are all our use cases :)

Hello,

For your information, our next release, 2025.1, will allow you to use the REST API to retrieve passwords for sessions (RDP, ARD, etc.). One missing feature is the ability to retrieve a specific password from a password list. We hope to add this functionality in a minor version soon.

Version 2025.1 BETA is already available; the official build should be available in a few weeks.

Best regards,

Really nice :) I will upgrade immediately when it's at GA :)

This would be interesting to me as well. I use a the YubiKey CLI in PowerShell to write my PAM password to one of my slots so I can have my account be mobile or "type" my password in places I cannot copy and paste. Getting this password via API, even if I have to manually check it out first, would be a nice thing to include in my PowerShell.

Hello,

Version 2025.1 was released a few weeks ago. You can download it here: https://devolutions.net/server/download/

Let us know if it fulfills your needs or if you have any questions.

Best regards,

Hello,

Sorry for the 'late' reaction ;)
So, i'm running 2025.1.9.0. atm.

imagine: a rdp connection. has a credential which resides in a password list. when i query this rdp connection, i actually get the sensitive data from the rdp connection (out of the list)

when i query an uuid of a password list, i don't get the sensitive data.
if i could query password lists (and get the full dump of the sensitive data of that list, including the custom fields), i would be feature complete here :)

Any ETA on the update / minor version for password lists ?

Hello,

Unfortunately, I don't have an ETA for that. We will plan the second part of our development cycle soon, and we will see if it can fit in our priorities. We will post back here once we have an update.

Best regards,

Hello.

Do you know if there is (perhaps) an update about this?
Thank you :)

Hello,

Unfortunately, there is no update on this at the moment. The retrieval of sensitive data from password lists via the REST API is still pending and has not been scheduled yet for an upcoming release. We will update this thread as soon as we have more information.

Thank you for your patience.

Best regards,