Where Does CopyStorm Store Passwords?

By default, CopyStorm does not store Salesforce or database passwords. To enable this option, select the “Store Passwords” option when saving a configuration file. When checked, CopyStorm will maintain Salesforce password security by encrypting Salesforce and database passwords in the save file.

What if I Want to Store Passwords in a Password Manager?

CopyStorm includes an extensible system which allows the usage of third-party password managers to store Salesforce passwords. The default password storage locations include:

  • Directly within the CopyStorm save file (this is the default).
  • Within a KeePass file named “passwords.kdbx” located in any of:
    • The user’s home directory.
    • The CopyStorm installation directory.
    • A subdirectory of the CopyStorm installation directory named “config”.
    • Any directory adjacent to the CopyStorm installation directory.

To use your own password manager, please see our tutorial titled How to Add a New Password Manager.

How to Use the KeePass Password Manager

To enforce Salesforce password security using the KeePass password manager to authenticate with Salesforce, you will need:

  • A kdbx (KeePass v2.x) formatted password file containing the username and password of the Salesforce user.
    • For more information on the KeePass password manager, see https://keepass.info/
    • The user’s Security Token may be either:
      • Appended to the user’s password.
      • Stored in a text attribute named “Security Token”
  • A copy of the kpcli.pl Perl script (version 3.2) available here:
  • A Perl installation with all dependencies for kpcli installed.

After installing Perl with the kpcli dependencies:

  • Put the passwords.kdbx file in one of the locations referenced above.
  • Put the kpcli.pl script in one of the locations referenced above (make sure the file is named “kpcli.pl”).
  • Make sure the script is installed correctly by running the command:
    • perl /path/to/kpcli.pl -kdb /path/to/passwords.kdbx --command "show -f /password/entry"
    • If kpcli.pl is installed correctly and the password entry path is correct, it will print the Salesforce credentials.
  • Restart the CopyStorm UI. Under the “Advanced Parameters” section of the Main tab, a “Credential Type” option of “Keepass” will appear:
  • Enter the KeePass file password and the path to the Salesforce user’s password entry:
  • Test the connection by pressing the “Test Salesforce Connection” button.
    • If the KeePass file password is incorrect, or if the kpcli.pl script is set up incorrectly, an error will appear which looks like:
    • If the Entry does not appear in the Keepass file, an error will appear which looks like: