
Dynamic Credentials - Integration with PW Vault without storing password

We have integrated Royal TS with our password vault - Bitwarden as per some guidelines and ready scripts shared on this and other sources.


We do have a need and ambition to secure it properly so the passwords for accounts are not being stored in RoyalTS or any other local sources but are dynamically retrieved at the time of connections from RoyalTS.

For this I believe we should be using a Dynamic Credential Script, but the documentation is not detailed enough, and it is not straightforward what the logic and workflow should be.

Can anyone on the forum or the RoyalTS guys explain how to utilize the Dynamic Credentials? For now we do use Dynamic folders and retrieve required (filtered) accounts from Bitwarden but we would like to change the logic so passwords are not being stored locally anyhow.


Hi,


Are you referring to this?

https://docs.royalapps.com/r2023/scripting/rjson/dynamic-credentials.html


Where exactly do you miss additional details?


Regards,
Stefan

Yes, that is the only short documentation I found, which at least for me is not self-explanatory.

There is no information on how the dynamic credential script is being triggered. The example seems to be too trivial to use as a reference for a real-case scenario where the credential should be dynamically pulled from an online key/password vault such as Bitwarden.


Not being a professional developer, it would be good to get a more detailed description of how to utilize this dynamic credentials functionality. We have managed to deploy dynamic folders and obtain all the credentials there but instead of this we only 

Well, the dynamic credential script is triggered when the credential is actually needed. The idea is (as documented) to only create a (dynamic) credential which is basically empty (doesn't have password or even a username). The dynamic credential script is executed before the connection is established. The reason the sample is "trivial" is because it really depends on how to talk to the backend. Here are a couple of samples where a dynamic credential script is used:


https://github.com/royalapplications/toolbox/blob/7d6295ede97545b5041a92eb8e2f4d3fcd8d84b4/Dynamic%20Folder/1Password/1Password%20v8%20(Python).rdfx

https://github.com/royalapplications/toolbox/blob/7d6295ede97545b5041a92eb8e2f4d3fcd8d84b4/Dynamic%20Folder/Passwordstate/Passwordstate%20(PowerShell).rdfe

https://github.com/royalapplications/toolbox/blob/7d6295ede97545b5041a92eb8e2f4d3fcd8d84b4/Dynamic%20Folder/Thycotic%20Secret%20Server/Thycotic%20Secret%20Server%20(PowerShell).rdfe

https://github.com/royalapplications/toolbox/blob/7d6295ede97545b5041a92eb8e2f4d3fcd8d84b4/Dynamic%20Folder/Pleasant%20Password%20Server/Pleasant%20Password%20(Python).rdfe


Hope this helps.

Thank you for sharing more examples. We will review and try to implement.

Is my understanding right that the dynamic credentials must be associated with specific connections as part of the script? (hardcoded)

Can this be assigned to a group of connections (i.e. to parent folder)?

You're welcome and you are correct. The dynamic credential you create in the dynamic folder script needs to be associated with the connection (directly or also by using the credential from a parent folder).
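
The workflow described in the replies above, as an added Python example that is not part of the original thread or Royal Apps' own code: the dynamic folder script emits credentials with an ID and name only and links connections to them, and the dynamic credential script resolves the secret from Bitwarden when a connection needs it. Assumptions: the rJSON property names (`Type`, `CredentialID`, `Username`, `Password`) and the `$DynamicCredential.EffectiveID$` token should be checked against the linked documentation, the Bitwarden CLI `bw` is installed with an unlocked session in `BW_SESSION`, and the item and host names are constructed.

```python
import json
import subprocess

# Constructed sample of what `bw get item <id>` returns (only the fields used here).
SAMPLE_ITEM = {
    "id": "11111111-2222-3333-4444-555555555555",
    "name": "srv-web01 admin",
    "login": {"username": "svc-admin", "password": "constructed-example-only"},
}

def folder_rjson(items, host_by_item):
    """Dynamic folder script output: credentials carry an ID and a name, never a secret."""
    objects = []
    for item in items:
        objects.append({"Type": "DynamicCredential", "ID": item["id"], "Name": item["name"]})
        host = host_by_item.get(item["id"])
        if host:
            # The connection points at the dynamic credential by ID (assumed property name).
            objects.append({"Type": "RemoteDesktopConnection", "Name": host,
                            "ComputerName": host, "CredentialID": item["id"]})
    return {"Objects": objects}

def fetch_item(item_id, run=subprocess.run):
    """Ask the Bitwarden CLI for one item; expects an unlocked session in BW_SESSION."""
    proc = run(["bw", "get", "item", item_id], capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)

def credential_rjson(item):
    """Dynamic credential script output, produced only when a connection needs it."""
    login = item.get("login") or {}
    if not login.get("password"):
        # Fail loudly instead of handing Royal TS an empty credential.
        raise ValueError(f"vault item {item.get('id')} has no login password")
    return {"Username": login.get("username", ""), "Password": login["password"]}

if __name__ == "__main__":
    # Offline demonstration on the constructed item. In Royal TS the second script
    # would call fetch_item() with the ID from $DynamicCredential.EffectiveID$ (assumed token).
    print(json.dumps(folder_rjson([SAMPLE_ITEM], {SAMPLE_ITEM["id"]: "srv-web01"}), indent=2))
    print(json.dumps(credential_rjson(SAMPLE_ITEM)))
```

The `run` parameter of `fetch_item` is a hypothetical hook so the CLI call can be replaced when testing without a vault.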
