Hello all, Our security team noticed that the connections credentials are stored in plain text in the Guacamole database (ssh private keys for Linux VM and user and password for windows VM), we would like to know if there is a possibility to use a secret manager like vault to store these sensitive informations instead of the database or at least store them encrypted in the database ?
The same security issue is noticed for the postgres sql user and password that should be stored in the configuration file guacamole.properties ... Finally, i want to set a timeout for idle session. I tried the option api-session-timeout: 10 for test. However, my ssh session still opened in the browser more than 1 hour till I close it even if I didn't do any interaction in the browser. I didn't find any relevant information concerning this issue in the logs. How can I debug this ? Thank you in advance for your help Best regards Makarem
