Automatic public/private vault export with activated MFA/2FA/TOTP?
Hello,
We would like to schedule the export of *all* public and/or private vaults to a share (.rdm, .html, .csv, etc.).
The task should be triggered by a central instance (e.g. a server VM with RDM installed).
Is this possible, when MFA is activated on datasource level?
If not - any way to achieve this goal?
Especially the option to export vault data (public and all private user vaults) to a universal format, like the .html option with password-protected fields, would be nice ... to have a fallback for a worst-case scenario.
Best regards,
Daniel
Hello Daniel,
Thank you for contacting us on that matter.
With RDM connected to a SQL data source, the main obstacle is accessing the private vaults. Only the user can retrieve the data from their private vault, and even an administrator cannot access it.
For the shared vaults, even with the Devolutions PowerShell module, you will be prompted for the MFA. With a DVLS data source, it's possible to export all shared vaults data using an Application identity and the PowerShell module.
I presume you already thought about having a full database backup available at any moment.
Let us know if you have any more questions about this.
Best regards,
Érica Poirier
Hello Erica,
Thank you for your feedback. Yes – we have different full backups to various destinations, with revisions, etc.
It’s really about the worst-case scenario and minimizing the time needed to access information after a crash, fire, or similar event.
Now, the amount of time required to access, for example, RDM data means:
You need a Domain Controller, a SQL Server, a RDM Client, and must impersonate accounts if you want to access specific data or private vaults.
Also, if a user accidentally deletes data in their vault, the rollback can sometimes take a considerable amount of time.
Are there any other options, particularly for performing automated backups of user vaults (with MFA enabled)?
As far as I understand, not really – because the data is encrypted inside the SQL database?
So, it's not possible to regularly export, for example, specific tables containing user vaults?
Maybe I'm thinking in the wrong direction – do you have any suggestions or hints on how to solve this?
Best regards,
Daniel
Hello dcapilla,
Thank you for this feedback.
Natively in RDM-SQL, there is no feature or option to export the user vault.
My colleague mentioned DVLS, but note that it could also be possible with PowerShell to export the user vault with Hub Business.
This cloud solution could be used as an advanced data source and offer options to export the user vault as a CSV or JSON file.
Best regards,
Patrick Ouimet
Hello Patrick,
... just to be sure:
It's not about a direct automated export out of RDM. It's about using the PowerShell module.
Goal: Automatic user vault export (e.g. scheduled PS script). Special challenge: With activated data source MFA.
That's also not possible when using the PowerShell module with RDM/SQL?
Only possible with DVLS or Hub Business (and PowerShell)? If so, that unfortunately is not an option for us in the near future.
Best regards,
Daniel
Hello Dcapilla,
Thank you for this feedback.
It would be possible for all users to configure their own PowerShell script to export their user vault.
Also note that the MFA could also be challenging since they will authenticate on the database with users and not with an application identity.
The application identity with DVLS or Hub is an admin account to connect to the data source as a "service account" and it is for automation.
What I suggest is to have a look together with a trial version as a POC to compare both solutions.
Simply open a case by sending an email to services@devolutions.net.
Best regards,
Patrick Ouimet
Hello Dcapilla,
After exchanging a bit, it seems like neither product is adapted to your infrastructure.
The only recovery solution is to stick with the backup and rebuild an environment, or revert to the backup of your SQL Server.
You can also keep an RDX file for the shared entries somewhere safe.
Best regards,
Patrick Ouimet