Credentials with Selectors?

security
credentials
activities
studio

#1

Hi,

From what I see in the current Type Into Secured Text and Get Credentials activities, even if we are able to retrieve the password securely from either Orchestrator or Windows Vault, Type Into Secure Text can basically be used anywhere to type in the password.

For example, I can use it to type the password out in Notepad without any restriction on it. Or else I would be able to use it in a Writeline / log it.

What if we are able to merge the selector with the password as well?

E.g. the way we store passwords would have 3 values:
Username
Password
Selector.

Once we retrieve the secured credential, we can keep it as an encrypted value of all three, and maybe use a custom activity, “Type into Secure Credentials”, which internally would be a combination of 2 Type Into activities, with the selectors provided dynamically.

It might look like this:

Get Secure Credentials
IN - TARGET
OUT - COMBO Value of username+password+selector.

This OUT value could be the input for
“Type into Secured Credentials”

Which would in turn be - Type Into Username
IN - username
IN - Selector

Type Into Password
IN - Password
IN - Selector


#2

I heard this idea somewhere before, can’t remember where.

+1, with a precaution that it should also be possible to store a credential without a selector (as a conscious choice - some credentials are used in different places, and unfortunately some of them need to be converted to plain strings for requests).


#3

I agree with you, we might want to retain the capability to retrieve a password without selectors as well. The thought came up during a requirement gathering discussion where one of the application owners had some compliance requirements to ensure the password is never visible in cleartext, by hook or by crook, as the application contains sensitive information.

I think there might have already been requirements like these… The only way I could get them to agree was to bake in the selector with the credentials, which would ensure the password cannot be “typed into” anywhere else apart from the application screen…
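
The binding proposed in #1, with the explicit opt-out asked for in #2, sketched as an added example that is not part of any post in this thread and is not UiPath code. `seal`, `BoundCredential`, `FakeElement` and the selector strings are hypothetical names and constructed values; encryption at rest is assumed to be handled by the credential store, so the sketch only shows the selector being integrity-bound to the secret and checked before anything is typed.

```python
import hashlib
import hmac
import json


class SelectorMismatch(Exception):
    """The credential was aimed at a UI element it is not bound to."""


class FakeElement:
    """Constructed stand-in for a UI element resolved by the automation runtime."""
    def __init__(self, selector):
        self.selector, self.typed = selector, []

    def send_keys(self, text):
        self.typed.append(text)


def seal(key, username, password, selectors=None, allow_unbound=False):
    """Store username, password and selectors as one MAC-protected record."""
    if selectors is None and not allow_unbound:
        raise ValueError("no selector given; pass allow_unbound=True to opt out")
    body = json.dumps({"u": username, "p": password, "sel": selectors})
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class BoundCredential:
    """Opened record whose only public operation is type_into().

    Python name mangling is not a security boundary; in a real activity the
    secret would stay inside the activity's own code, not in workflow variables.
    """
    def __init__(self, key, record):
        want = hmac.new(key, record["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, record["tag"]):
            raise ValueError("credential record was modified after sealing")
        self.__rec = json.loads(record["body"])

    def __repr__(self):
        return "<BoundCredential redacted>"  # keeps the secret out of logs

    def type_into(self, field, element):
        """field is 'u' (username) or 'p' (password)."""
        bound = self.__rec["sel"]
        if bound is not None and element.selector != bound[field]:
            raise SelectorMismatch(f"{field!r} is not bound to this element")
        element.send_keys(self.__rec[field])
```

Because the selector sits inside the MAC-protected body, editing the stored record to point at a different window fails at load time rather than at typing time.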