Where Does CopyStorm Store Passwords?
By default, CopyStorm does not store Salesforce or database passwords. To enable this option, select the “Store Passwords” option when saving a configuration file. When checked, CopyStorm will maintain Salesforce password security by encrypting Salesforce and database passwords in the save file.
What if I Want to Store Passwords in a Password Manager?
CopyStorm includes an extensible system which allows the usage of third-party password managers to store Salesforce passwords. The default password storage locations include:
- Directly within the CopyStorm save file (this is the default).
- Within a KeePass file named “passwords.kdbx” located in any of:
- The user’s home directory.
- The CopyStorm installation directory.
- A subdirectory of the CopyStorm installation directory named “config”.
- Any directory adjacent to the CopyStorm installation directory.
To use your own password manager, please see our tutorial titled How to Add a New Password Manager.
How to Use the KeePass Password Manager
To enforce Salesforce password security using the KeePass password manager to authenticate with Salesforce, you will need:
- A kdbx (KeePass v2.x) formatted password file containing the username and password of the Salesforce user.
- For more information on the KeePass password manager, seeĀ https://keepass.info/
- The user’s Security Token may be either:
- Appended to the user’s password.
- Stored in a text attribute named “Security Token”
- A copy of the kpcli.pl Perl script (version 3.2) available here:
- http://kpcli.sourceforge.net/
- The Perl script is used for both Windows and Linux installations — the Windows-formatted exe will not work.
- A Perl installation with all dependencies for kpcli installed.
- Dependencies can be found at the kpcli homepage (http://kpcli.sourceforge.net/)
After installing Perl with the kpcli dependencies:
- Put the passwords.kdbx file in one of the locations referenced above.
- Put the kpcli.pl script in one of the locations referenced above (make sure the file is named “kpcli.pl”).
- Make sure the script is installed correctly by running the command:
-
perl /path/to/kpcli.pl -kdb /path/to/passwords.kdbx --command "show -f /password/entry"
- If kpcli.pl is installed correctly and the password entry path is correct, it will print the Salesforce credentials.
-
- Restart the CopyStorm UI. Under the “Advanced Parameters” section of the Main tab, a “Credential Type” option of “Keepass” will appear:
- Enter the KeePass file password and the path to the Salesforce user’s password entry:
- Test the connection by pressing the “Test Salesforce Connection” button.
- If the KeePass file password is incorrect, or if the kpcli.pl script is set up incorrectly, an error will appear which looks like:
- If the Entry does not appear in the Keepass file, an error will appear which looks like:
- If the KeePass file password is incorrect, or if the kpcli.pl script is set up incorrectly, an error will appear which looks like: