Start a new topic
Implemented

Password API/Pleasant Password Integration

Royal TSX integrates with some password stores, but none of the current ones are really enterprise-ready password storage.  It would be nice to offer integration to one (my employer uses Pleasant Password.), or ideally an API to enable shims to be written between the API of the password storage and Royal TSX.


I'm posting this in Mac as I'm a Mac user, but I know both pieces of software exist on other platforms, so really this should be considered a general feature request.


2 people like this idea

Hi there,


I'm happy to report that Royal TSX 4.0 has been released and includes this feature.

For more information about the major new features of Royal TSX 4.0, please head over to our major upgrade landing page.


cheers,

felix

Hi Felix,

thanks for your support.


I've read about Dynamic Credentials (really nice feature!), but that's not a viable option for us since we often work without direct internet access.


Thanks again, have a nice day!


Matteo

Hi Matteo,


well, all the parsing and general magic in RoyalJSON surely introduces performance penalties.

You might want to think about switching to Dynamic Credentials and don't import any passwords in the dynamic folder script. This way we don't have to encrypt all those passwords while loading the dynamic folder's contents but only when requested by a connection.


There's a dedicated section about Dynamic Credentials in the documentation. Please let me know if that helps!


cheers,

felix

Hi Felix,

glad to help :)


Yeah, I've read about the the dark side... I mean, the hard method ;), but since our password manager exports the passwords in a format that's really similar to "The easy (less flexible) method" format, it's much much simpler to me to use that method. So, I think I'll wait for the next beta, thanks.


One last question: speed. I've noticed that my script takes like 4 seconds for generating the RoyalJSON output, and RoyalTSX takes it's time to format everything, something like 30 passwords/sec. Since we have thousands of credentials, it takes some minutes each time I reload it. Is this something that you also are experiencing?


Thanks again for your kindness and for making this product better and better.


Regards,

Matteo 

Hey Matteo,


congratulations, you found a bug! ;-)


We've just fixed this and the fix will obviously be included in the next beta update.


In the meantime, you should be able to get the output you want by not using the "Path" property but manually nesting your objects. See the section "Building folder hierarchies - The hard (more flexible) method" of our RoyalJSON documentation: https://www.royalapplications.com/external/RoyalJSON_Beta.pdf


Many thx for bringing this to our attention!


cheers,

felix


1 person likes this

Hi Felix,

while it still would be nice to have some kind of "debug mode", I've figured out something. It looks like there is something with the "Path" object. Look at this example:


{

    "Objects": [

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Folder4/Sample",

            "Name":"Entry1",

            "Username":"administrador",

            "Password":"password"

        },

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Sample",

            "Name":"Entry2",

            "Username":"user",

            "Password":"password"

        }

    ]

}


This RoyalJSON should create a folder named "Sample" under "Folder4" and another one under "Folder3", right? Well, it doesn't. It creates folder "Sample" under "Folder4" and puts both entries into it.


Instead, this one works as expected:


{

    "Objects": [

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Sample",

            "Name":"Entry2",

            "Username":"user",

            "Password":"password"

        },

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Folder4/Sample",

            "Name":"Entry1",

            "Username":"administrador",

            "Password":"password"

        }

    ]

}


Regards,

Matteo

Hi Felix,

that's great! This means that even if a laptop get stolen and disassembled, there will be no passwords stored into the disk. Awesome!


Since you are so kind I have another little question: is there a way to troubleshoot the script execution? Right now I'm stuck with an error that says "An error occurred while importing objects from JSON: Sequence contains more than one matching element." but I can't figure out which is the problem. Is there a log somewhere, or an error reference? 


Thanks!


Matteo

Hi Matteo,


glad to hear that Dynamic Folders are helpful for you!


You can configure if you want to allow Royal TS/X to persist the folder contents. To do so, open the properties of your dynamic folder and either enable or disable "Persist (cache) folder contents".

When this is enabled, the dynamic folder's contents (including any encrypted values; i.e. passwords) are saved to disk as well. If it's disabled, none of the contents are saved to disk.


Hope that helps!


cheers,

felix

Hi Deimel,

I'm using the Dynamic Folder feature to implement our password manager with RoyalTS(x) and it works really well. I have a question: when the Dynamic Folder script gets the passwords from the third party services, are those stored in ram or in a temp file? I'm asking from a security perspective since I've noticed that it gets all the data when the application is launched.


Thanks,

Matteo

Hi everyone,


our Dynamic Folder Samples for Thycotic Secret Server and Pleasant Password Server are now available in our Toolbox repository on Github.


Please let us know if everything works as expected or if you're having issues!


Many thx,

felix

Hi Madan,


we're currently in the process of developing an import/export system for dynamic folders.

When that's complete, we'll be able to share some samples.


cheers,

felix

Can you please provide sample scripts 

Hi Madan,


to specify the script, you need to create a "Dynamic Folder" object and populate the "Dynamic Folder Script" section.

Please see the "Dynamic Folders" section of our RoyalJSON documentation for details.


Hope that helps!


cheers,

felix

Where do I specify the script to be executed to generate the credential object ? I have a curl script that will fetch the credential from the the password manager. 

 Looks good - I'll play with them as I have a chance, see if I can get it working in my situation.  (I may wait until the example scripts get released.)

Login or Signup to post a comment