Start a new topic
In Progress

Password API/Pleasant Password Integration

Royal TSX integrates with some password stores, but none of the current ones are really enterprise-ready password storage.  It would be nice to offer integration to one (my employer uses Pleasant Password.), or ideally an API to enable shims to be written between the API of the password storage and Royal TSX.


I'm posting this in Mac as I'm a Mac user, but I know both pieces of software exist on other platforms, so really this should be considered a general feature request.


1 person likes this idea

Hi Deimel,

I'm using the Dynamic Folder feature to implement our password manager with RoyalTS(x) and it works really well. I have a question: when the Dynamic Folder script gets the passwords from the third party services, are those stored in ram or in a temp file? I'm asking from a security perspective since I've noticed that it gets all the data when the application is launched.


Thanks,

Matteo

Hi Matteo,


glad to hear that Dynamic Folders are helpful for you!


You can configure if you want to allow Royal TS/X to persist the folder contents. To do so, open the properties of your dynamic folder and either enable or disable "Persist (cache) folder contents".

When this is enabled, the dynamic folder's contents (including any encrypted values; i.e. passwords) are saved to disk as well. If it's disabled, none of the contents are saved to disk.


Hope that helps!


cheers,

felix

Hi Felix,

that's great! This means that even if a laptop get stolen and disassembled, there will be no passwords stored into the disk. Awesome!


Since you are so kind I have another little question: is there a way to troubleshoot the script execution? Right now I'm stuck with an error that says "An error occurred while importing objects from JSON: Sequence contains more than one matching element." but I can't figure out which is the problem. Is there a log somewhere, or an error reference? 


Thanks!


Matteo

Hi Felix,

while it still would be nice to have some kind of "debug mode", I've figured out something. It looks like there is something with the "Path" object. Look at this example:


{

    "Objects": [

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Folder4/Sample",

            "Name":"Entry1",

            "Username":"administrador",

            "Password":"password"

        },

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Sample",

            "Name":"Entry2",

            "Username":"user",

            "Password":"password"

        }

    ]

}


This RoyalJSON should create a folder named "Sample" under "Folder4" and another one under "Folder3", right? Well, it doesn't. It creates folder "Sample" under "Folder4" and puts both entries into it.


Instead, this one works as expected:


{

    "Objects": [

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Sample",

            "Name":"Entry2",

            "Username":"user",

            "Password":"password"

        },

        {

            "Type": "Credential",

            "Path":"/Folder1/Folder2/Folder3/Folder4/Sample",

            "Name":"Entry1",

            "Username":"administrador",

            "Password":"password"

        }

    ]

}


Regards,

Matteo

Hey Matteo,


congratulations, you found a bug! ;-)


We've just fixed this and the fix will obviously be included in the next beta update.


In the meantime, you should be able to get the output you want by not using the "Path" property but manually nesting your objects. See the section "Building folder hierarchies - The hard (more flexible) method" of our RoyalJSON documentation: https://www.royalapplications.com/external/RoyalJSON_Beta.pdf


Many thx for bringing this to our attention!


cheers,

felix

Hi Felix,

glad to help :)


Yeah, I've read about the the dark side... I mean, the hard method ;), but since our password manager exports the passwords in a format that's really similar to "The easy (less flexible) method" format, it's much much simpler to me to use that method. So, I think I'll wait for the next beta, thanks.


One last question: speed. I've noticed that my script takes like 4 seconds for generating the RoyalJSON output, and RoyalTSX takes it's time to format everything, something like 30 passwords/sec. Since we have thousands of credentials, it takes some minutes each time I reload it. Is this something that you also are experiencing?


Thanks again for your kindness and for making this product better and better.


Regards,

Matteo 

Hi Matteo,


well, all the parsing and general magic in RoyalJSON surely introduces performance penalties.

You might want to think about switching to Dynamic Credentials and don't import any passwords in the dynamic folder script. This way we don't have to encrypt all those passwords while loading the dynamic folder's contents but only when requested by a connection.


There's a dedicated section about Dynamic Credentials in the documentation. Please let me know if that helps!


cheers,

felix

Hi Felix,

thanks for your support.


I've read about Dynamic Credentials (really nice feature!), but that's not a viable option for us since we often work without direct internet access.


Thanks again, have a nice day!


Matteo

Login or Signup to post a comment