# Where Does CopyStorm Store Passwords?
By default, CopyStorm does not store Salesforce or database passwords. To enable this option, select the “Store Passwords” option when [saving a configuration file](https://learn.capstorm.com/copystorm-restore/readme/reference/configuration-files). When checked, CopyStorm will maintain Salesforce password security by encrypting Salesforce and database passwords in the save file.
## What if I Want to Store Passwords in a Password Manager?
CopyStorm includes an extensible system which allows the usage of third-party password managers to store Salesforce passwords. The default password storage locations include:
* Directly within the CopyStorm save file (this is the default).
* Within a KeePass file named “passwords.kdbx” located in any of:
* The user’s home directory.
* The CopyStorm installation directory.
* A subdirectory of the CopyStorm installation directory named “config”.
* Any directory adjacent to the CopyStorm installation directory.
To use your own password manager, please see our tutorial titled [How to Add a New Password Manager](/frequently-asked-questions/usage/where-does-copystorm-store-passwords/how-to-add-a-new-password-manager.md).
## How to Use the KeePass Password Manager
To enforce Salesforce password security using the KeePass password manager to authenticate with Salesforce, you will need:
* A kdbx (KeePass v2.x) formatted password file containing the username and password of the Salesforce user.
* For more information on the KeePass password manager, see
* The user’s Security Token may be either:
* Appended to the user’s password.
* Stored in a text attribute named “Security Token”
* A copy of the kpcli.pl Perl script (version 3.2) available here:
*
* The Perl script is used for both Windows and Linux installations — the Windows-formatted exe will not work.
* A Perl installation with all dependencies for kpcli installed.
* Dependencies can be found at the kpcli homepage ()
After installing Perl with the kpcli dependencies:
* Put the passwords.kdbx file in one of the locations referenced above.
* Put the kpcli.pl script in one of the locations referenced above (make sure the file is named “kpcli.pl”).
* Make sure the script is installed correctly by running the command:
* ```
perl /path/to/kpcli.pl -kdb /path/to/passwords.kdbx --command "show -f /password/entry"
```
* If kpcli.pl is installed correctly and the password entry path is correct, it will print the Salesforce credentials.
* Restart the CopyStorm UI. Under the “Advanced Parameters” section of the Main tab, a “Credential Type” option of “Keepass” will appear:\
* Enter the KeePass file password and the path to the Salesforce user’s password entry:\
* Test the connection by pressing the “Test Salesforce Connection” button.
* If the KeePass file password is incorrect, or if the kpcli.pl script is set up incorrectly, an error will appear which looks like:\
* If the Entry does not appear in the Keepass file, an error will appear which looks like:\
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://learn.capstorm.com/frequently-asked-questions/usage/where-does-copystorm-store-passwords.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.