Start a new topic

Allow Dynamic Credentials to be used or copied outside connect time


I am currently working on an internal integration between an internal password management system and Royal TS.

All password access requires one API call per password, and everything is logged, so the Dynamic Credential feature is perfect for this use case.

However Dynamic Password has a limitation in that the credential information is only available at connect-time. I.e. Dynamic Password will not work for things like Key Sequence Tasks, web auto-fill et, which is a shame, because a lot of the value of Royal TS is in these features.

One simple example, with a solution like this it's impossible to connect to a Linux system, and then sudo to root if the Linux system is configured to make you re-enter your password on the sudo prompt. Without Dynamic Credentials, it's possible to use a Key Sequence Task, or right-click the connection and choose Copy Password and do it this way. There are many other cases when copying the connection's password is important.

It would be very helpful to us if Dynamic Credentials worked differently to permit the specific use cases of copying a password, or performing a web page autofill.

1 Comment

We were able to identify a workaround to solve specifically the case where we need to connect to servers and sudo as root. Of course it's possible to edit the sudoers file to be NOPASSWD, but that's not great.

One way that works without editing any configurations is setting the following as your SSH command (under the advanced options):

sudo -S -v <<<"$EffectivePassword$" 2> /dev/null ; sudo -s

This isn't great because it means I need a seperate connection object for "root" connections, and need to ahve those in a seperate window, but it works.

Much better would be if it would at least be possible to do "copy password" on a connection backed by a dynamic credential object instead.

Login or Signup to post a comment