Start a new topic
Implemented

Password API/Pleasant Password Integration

Royal TSX integrates with some password stores, but none of the current ones are really enterprise-ready password storage.  It would be nice to offer integration to one (my employer uses Pleasant Password.), or ideally an API to enable shims to be written between the API of the password storage and Royal TSX.


I'm posting this in Mac as I'm a Mac user, but I know both pieces of software exist on other platforms, so really this should be considered a general feature request.


2 people like this idea

Hi everyone,


The first beta with support for Dynamic Folders and Dynamic Credentials is now available!

You can get the beta here: https://www.royalapplications.com/ts/mac/features-beta

Documentation for the feature is available here: https://www.royalapplications.com/go/kb-all-royaljson


In the coming weeks we will post a couple sample scripts to make getting started easier.


cheers,

felix


1 person likes this

Hi everyone,


our Dynamic Folder Samples for Thycotic Secret Server and Pleasant Password Server are now available in our Toolbox repository on Github.


Please let us know if everything works as expected or if you're having issues!


Many thx,

felix

Hi Daniel,


just wanted to let you know that we're working on a generic way to integrate with external data sources for the next major version.

How exactly this will work I can't yet say since we're still in the prototyping phase but it should allow you to use most kinds of centralized credential management systems.


cheers,

felix

Sounds good, thanks.  Having an available API of some sort for this will be great.  (And I fully understand not wanting to get into details while the details are still in flux.)

 

Yes, there will be some kind of API.

It's quite a challenge to make this as powerful as possible while still maintaining basic usability for non-programmers/scripters so we're playing around with different ideas right now.

 Looks good - I'll play with them as I have a chance, see if I can get it working in my situation.  (I may wait until the example scripts get released.)

Where do I specify the script to be executed to generate the credential object ? I have a curl script that will fetch the credential from the the password manager. 

Hi Madan,


to specify the script, you need to create a "Dynamic Folder" object and populate the "Dynamic Folder Script" section.

Please see the "Dynamic Folders" section of our RoyalJSON documentation for details.


Hope that helps!


cheers,

felix

Hi Deimel,

I'm using the Dynamic Folder feature to implement our password manager with RoyalTS(x) and it works really well. I have a question: when the Dynamic Folder script gets the passwords from the third party services, are those stored in ram or in a temp file? I'm asking from a security perspective since I've noticed that it gets all the data when the application is launched.


Thanks,

Matteo

Hi Matteo,


glad to hear that Dynamic Folders are helpful for you!


You can configure if you want to allow Royal TS/X to persist the folder contents. To do so, open the properties of your dynamic folder and either enable or disable "Persist (cache) folder contents".

When this is enabled, the dynamic folder's contents (including any encrypted values; i.e. passwords) are saved to disk as well. If it's disabled, none of the contents are saved to disk.


Hope that helps!


cheers,

felix

Can you please provide sample scripts 

Hi Felix,

that's great! This means that even if a laptop get stolen and disassembled, there will be no passwords stored into the disk. Awesome!


Since you are so kind I have another little question: is there a way to troubleshoot the script execution? Right now I'm stuck with an error that says "An error occurred while importing objects from JSON: Sequence contains more than one matching element." but I can't figure out which is the problem. Is there a log somewhere, or an error reference? 


Thanks!


Matteo

Hi Felix,

while it still would be nice to have some kind of "debug mode", I've figured out something. It looks like there is something with the "Path" object. Look at this example:


{

    "Objects": [

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Folder4/Sample",

            "Name":"Entry1",

            "Username":"administrador",

            "Password":"password"

        },

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Sample",

            "Name":"Entry2",

            "Username":"user",

            "Password":"password"

        }

    ]

}


This RoyalJSON should create a folder named "Sample" under "Folder4" and another one under "Folder3", right? Well, it doesn't. It creates folder "Sample" under "Folder4" and puts both entries into it.


Instead, this one works as expected:


{

    "Objects": [

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Sample",

            "Name":"Entry2",

            "Username":"user",

            "Password":"password"

        },

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Folder4/Sample",

            "Name":"Entry1",

            "Username":"administrador",

            "Password":"password"

        }

    ]

}


Regards,

Matteo

Hey Matteo,


congratulations, you found a bug! ;-)


We've just fixed this and the fix will obviously be included in the next beta update.


In the meantime, you should be able to get the output you want by not using the "Path" property but manually nesting your objects. See the section "Building folder hierarchies - The hard (more flexible) method" of our RoyalJSON documentation: https://www.royalapplications.com/external/RoyalJSON_Beta.pdf


Many thx for bringing this to our attention!


cheers,

felix

Login or Signup to post a comment