Credential injection
0 vote
Hi,
Due to the security risk associated with sending credentials to the client where RDM is running, even if they are encrypted and ephemeral, there is still an encryption key that could potentially be used to recover the password.
It would be highly beneficial to have a feature that allows credential injection, at least from the PAM vault, directly from the gateway or a server inside the private network (similar to how the PSM server works in CyberArk).
This would significantly enhance security by ensuring that all passwords remain within the internal network, reducing the risk of exposure a lot more.
Kai
All Comments (4)
Hi Kai,
I’m glad to tell you that what you are looking for–proxy-based credential injection with Devolutions Gateway in PAM usage scenarios–is on our roadmap for 2025.
Work on this item has already started. I’ll link our internal ticket to this thread and keep you updated once the feature is released.
Best regards,
Benoit Cortier
hi Benoit!
That's awesome! An appreciate the feature! 😃
But do you have any more specific timeframe, like a month or a date? :P
Since we're looking to replace CyberArk, this feature is a must-have for rolling out Devolutions.
Kai
Hi Kai,
As of now, we don't have a specific release date or month for this feature. However, I can assure you that it is one of our priority items, and work is actively underway. We will keep you updated on any developments and notify you as soon as we have more precise information!
Best regards,
Benoit Cortier
Hi Kai,
Quick heads-up to inform you that we are currently working on this feature.
At first, only RDM will be supported, but we’ll add support for more protocols in the future.
The initial support will be released in RDM/DVLS/Gateway v2025.3.
Best regards,
Benoit Cortier