Import Shared and personal KeePass

Hello,

Thank you for reaching out regarding this matter.

If I understand correctly, you’re looking to import both shared and personal KeePass data into the Shared and Employees User Vaults without losing any fields.

If that's the case, it should be possible to achieve this using a custom PowerShell script.

However, if I’ve misunderstood your request, please let me know which part I got wrong so we can clarify and find the best solution together.

Best regards,

Hello,
thanks for your reply.
Our Devolutions-System is a pure DevolutionsServer.

I went this way of using PowerShell and I'm able to connect to the devolutions server and requesting vaults and their values:

New-DSSession -BaseURI  $URL -WindowsAuthentication
Get-DSVaults -All
Get-DSEntry -VaultID "ID-of-the-vault"

What I'm actually missing is:

• accessing the personal vault
  • The personal vault of the user is not listed by "GET-DSVaults -All"

What my next steps are:

• Creating some new entries (just for testing) into some vault
  • Trying to create some different entry-types
  • Trying to add TOTP-Data to the new created entry

Do you have a hint or some examples on how to perform these steps?

I tried reading the Documentation and FAQs and searched available PowerShell-Commands.

Best regards,
Torben

Hello Torben,

The personal vault of the user is not listed by "GET-DSVaults -All"

This is the expected behaviour, as it is not possible, even as an Administrator, to access a user's vault.

Creating some new entries (just for testing) into some vault

Some code examples are available in the Devolutions KB and the GitHub Repository:
https://github.com/Devolutions/DevoSamples-ps/tree/main/module/entries
https://docs.devolutions.net/powershell/rdm-powershell/powershell-scripting/powershell-module/creating-folder-structure-csv
https://docs.devolutions.net/powershell/rdm-powershell/powershell-scripting/tips-tricks

Regards,
Min

Hello Min,

I checked your examples and got a simple PS-Script running - just the point concerning attachment need to be done. I'll try the next few days and come back to you.

Meanwhile I checked the .rdm - Import-/Export-Format which is used by devolutions server. This .rdm-xml-format fullfills exactly the requirements for importing structures by building a converter. Providing this to our employees would be the best solution to import complete KeePass-Exports to Devolutions. After I checked all the available possibilities (CSV-Import, Import using RemoteDesktopManager, ...) - there is no real one, which can be used.

I'm struggling with these two points:

• Passwords from PlainText
• Attachments

I hope you can give me a hint on how to set the password in plaintext in the rdm-xml-file for doing an import to devolutions server.
When comparing and analysing an exported file from dvls, the passwort is always crypted using some secret key. I read about ClearTextPassword but all attempts failed.

Best regards,
Torben

Hello Torben,

Unfortunately, in addition to the CSV import, there is no possibility of using the XML structure to import passwords in cleartext.

For the attachments, the following PS command should work:

$session = Get-RDMSession -Name 'RDP'
Add-RDMSessionAttachment -Session $session -Filename 'C:\files\readme.txt' -Refresh

Regards,
Min

Hello Min,

thanks for your explanation - too bad. XML or JSON would offer great possibilities to allow an universal structured import to Devolutions, with a very low hurdle for unexperienced people at the using end. Maybe this could be a feature-ticket for your developers.

However - I'll concentrate on building this by C# with integrated PowerShell and introduce this to my colleagues.

Best regards,
Torben

Hi Min,

one last question I haven't found concerning exporting.

What options would our administrators and users have to get the contents from all stored vaults (personal and shared)
including all the information (Credentials, OTPs, URLs, Custom-Values, Documents/Attachments) including the structure (folder)-information.

I think about what would happen, if for any case, all the included data needs to be exported for further usage.
This means, that all the information requires to be unencrypted or encrypted in a way it's decryptable by admins/users independant from DVLS.

Please consider that about >230 of the pure users would not have a RDM-License to access their personal vault.

Best regards,
Torben

Hello,

Thank you for reaching out regarding this matter.

If I understand correctly, you’re looking to import both shared and personal KeePass data into the Shared and Employees User Vaults without losing any fields.

If that's the case, it should be possible to achieve this using a custom PowerShell script.

However, if I’ve misunderstood your request, please let me know which part I got wrong so we can clarify and find the best solution together.

Best regards,

@Tommy Sanders
Hello Tommy,

as Min said it is not possibile to reach a users personal vault by powershell.
Do you have any other information or hint?

Best regards,
Torben

Hello Torben,

I would suggest the Export-RDMSession PowerShell command. This allows you to export all entries, attachments, and credentials to an RDM file. Of course, this file can be opened in RDM, and in combination with the USB / portable mode, it is really handy.
The data from the RDM file can be accessed without a license, which means it can also be opened in the RDM Solo edition.

More information and a sample script to export all vaults can be found here.

Again, this applies only for shared vaults - as it is not possible to access other user vaults, the users must export their own user vault themself, by using RDM or the web interface => User vault => hamburger menu top right => Export (.rdm)

Regards,
Min