Posts: 5
Threads: 1
Joined: Sep 2022
Reputation:
0
Hi,
I up this post.
is Keeper Secrets Manager integration planned in a future release?
Best regards.
Posts: 10,960
Threads: 97
Joined: Aug 2006
Reputation:
197
We have started to integrate - I have to check the current status...
Regards/Gruss
Oliver
Posts: 10,960
Threads: 97
Joined: Aug 2006
Reputation:
197
Will try to continue asap...
Regards/Gruss
Oliver
Posts: 10,960
Threads: 97
Joined: Aug 2006
Reputation:
197
First basic implementation is ready in 2022 Patch9 - they have indroduced a new API via NuGet-Package but this supports not really much - we can just read all Secrets - but they plan to extend their new API
Regards/Gruss
Oliver
Posts: 18
Threads: 2
Joined: Aug 2021
Reputation:
0
Oh wow great to hear! I'll start testing this feature soon!
Posts: 18
Threads: 2
Joined: Aug 2021
Reputation:
0
Unfortunately i dont get this to synchronize in any way - how can i debug this? The command line sync is not working either because my account uses MFA.
The configuration json is correctly created but if i want to synchronize a credential folder i just get "Reading data from 'Keeper Secrets Manager' failed. Index was outside the bounds of the array."
Posts: 10,960
Threads: 97
Joined: Aug 2006
Reputation:
197
We have to check that - I guess the used API do not support MFA - but I'm not sure at the moment
Regards/Gruss
Oliver
Posts: 18
Threads: 2
Joined: Aug 2021
Reputation:
0
20-12-2022, 05:22 PM
(This post was last modified: 20-12-2022, 05:27 PM by FWIPE.)
Also i would highly recommend storing the json data encrypted in the user database and not unencrypted on disk - especially the default location of Documents gets saved to OneDrive - so plain text access tokens to the Keeper Secrets Manager is stored unencrypted locally and on OneDrive to "lazy" users.
Oh and by command line sync i meant the command line from ASG:
"C:\Program Files\ASG-Remote Desktop 2022 (X64)\ASGRD.exe" /syncaction:Keeper /syncid:44f...30 "/syncoutput:c:\temp\sync.txt" "/instance:..." "/loginusername:florian" "/loginpassword:*pwd*" /loginsubmit
Posts: 18
Threads: 2
Joined: Aug 2021
Reputation:
0
04-01-2023, 10:42 AM
(This post was last modified: 04-01-2023, 10:43 AM by FWIPE.)
After a few days (maybe ASG restarts?) the sync is now working and i can successfully connect with credentials from Keeper Secrets Manager!
When does it update its records? Do i have to manually click "Synchronize now" in the folder or is there a setting on when this gets synchronized automatically?
So just a few improvement suggestions:
- as stated above store the KSM access data not in plain text on disk - maybe use the encrypted user database?
- synchronize folder layout - currently all folders are ignored and all secrets are just created in as a "flat hierachy" - unchecking the setting "create as flat hierarchy" has no effect
- synchronizing "only object names" results in an "Unhandled exception" if the credential is used in a connection - only "Sync objects with all data" is working
- if synchronized with all data the password can be shown by using "Show/hide password" in the credential field - it would be great if it would be possible to deny or disable that
Thanks so far for the integration and your work :-)
Posts: 10,960
Threads: 97
Joined: Aug 2006
Reputation:
197
Sync can be automated in different ways - you can use the command line to add a Windows Task (in Scheduler) - so it can run at any time you want. In Settings=>Startup you find an option to "Ask for sync on startup" - else you need to sync manually
Problem with KSM is that they have different ways how to access the data via API - command line tool, .NET Nuget package, ... and all have different feature sets (ugly for general integration) - currently we use the Nuget-Package because it is the easiest way - and I also reported that this includes only a subset of features - response was that it will be enhanced in future - perhaps you can also request that again!
And that's the first problem - folder structure can't be read with that Nuget package! Please raise support request (on KSM) that this should be implemented for better integration!!! I wait for newer version and will enhance the functionality in ASGRD asap.
Only object names - will check that! Seems to be a bug...
Show passwords in cleartext - option to disable is in Settings=>Environment=>Common
Regards/Gruss
Oliver