On Mon, Apr 29, 2024 at 10:11 AM Vieri <[email protected]> wrote:
> On Monday, April 29, 2024 at 03:01:06 PM GMT+2, Nick Couchman <[email protected]> wrote:
>
> > I think the closest thing to what you're looking for that is currently supported in Guacamole is the "vault" extension, which supports
> > pulling tokens from a credential vault. The only vault currently supported is Keeper Secrets Manager,
> > but support could certainly be extended to other types of vaults with some code writing.
>
> Thanks for that, but I was hoping not to store credentials in the cloud. In fact, I was wondering if the feature could be within Guacamole "core" (not even an extension). The credentials could be stored within the local guac DB (just like the user and connection data), and a relationship with the user ID could be set (guacamole_user.entity_id). Whenever a user tries to connect to a guac DB-defined connection/host the guacamole client could ask the user to pick any of its "credential sets" from the guac DB (or none for user input).
>
> I don't know if the "vault credential retrieval system" can be adapted to this simpler setup.
> Can the "vault" just be a table within guac DB?
>

Vieri,

Yeah, I totally understand, and it's why I mentioned that there are probably ways to extend it into other areas. First, I'm not sure about Keeper Security Manager, whether it's hosted locally or in the Cloud. There are some other folks on here who could advise on that, I'm just not that familiar with it.

Regarding the possibility of the vault being a table within the DB - I would say that it is probably more complicated than that, but that there should be ways to develop something to host it locally, within the application, and not have to rely on another piece of software or Cloud offering. But that capability does not exist today, it would need to be developed.

-Nick
