Back in the days, using Royal TS 1.7.x, it was possible to add an additional password to your document. With this second password admins could protect documents from modifications and also prevent users from reading passwords. This additional protection was missing in Royal TS V2 and lots of users asked us to bring back the feature. Well, in Royal TS (for Windows) V3 and Royal TSX (for macOS) V2 we will have it on board again and even put some extra sugar on top of it.
Disclaimer: While we understand the case to create documents which allows users to log on to production servers without knowing the actual password, we still think that many problems and security related issues can come up with this approach. The features we discuss in this blog post are intended to help you to better manage your documents and prevent users from easily and accidentally obtaining a confidential password. However, depending on your scenario, this approach may not be “bullet proof” or give you the desired results. There are also many “restrictions” which are applied to the workflow when you lock down a document. So make sure you fully test the workflow before you release any documents to your users!
Recommendation: We strongly recommend to provide personalized user accounts instead. This way all actions can be audited and fully tracked individually. Shared user accounts to manage systems is in general a very bad idea!
Now, let’s dive into Lockdown…
A document with an Encryption password and a Lockdown password behaves like this:
Before we go into the specifics of Lockdown, let me briefly talk about our file formats and let me introduce our new document file format.
Extension .rtsx: Legacy file format used in Royal TS V2 and Royal TSX V1 (Royal TS V3 and Royal TSX V2 can still open and save .rtsx files).
Extension: .rtsz: New file format for Royal TS V3 and Royal TSX V2
To configure Lockdown, open the Document properties and switch to the Security page (in V2 this page was called Encryption but we renamed it):
This page allows you to configure a custom encryption password for your sensitive data (such as passwords). There’s a new tab called Lockdown which provides the following features:
Encrypt complete file: You can only check this option when you specified an encryption password in the Encryption tab. With this option checked, Royal TS will encrypt all file content of your document.
Set Lockdown Password: You can only set a lockdown password when the option Encrypt complete file is checked. Click Set Lockdown Password and provide a password. To remove the Lockdown Password, leave both password fields empty.
Do not allow to reveal passwords in this document: If checked, password fields from all the objects in the locked down document do not provide the reveal password and copy to clipboard button.
Do not allow to edit or modify this document: If checked, the document cannot be modified. You can still open the object properties but you cannot apply the settings and you also cannot save the document.
Allow passwords in web page connections: One of the side effects of lockdown documents is the restrictions of using passwords in auto-fill configurations or key sequence tasks. We introduced this policy to enable passwords in web page connections.
Lockdown documents will show a padlock icon in the Navigation panel next to the document name:
The padlock icon also shows the current state (Locked or Unlocked). To unlock a document, right-click the document and select Unlock Document:
You are then prompted to enter the Lockdown password. Once the document is Unlocked, all the configured restrictions are removed until you Lock the document again – using right-click on the document.
To ensure that passwords cannot be easily obtained, some restrictions apply to Locked documents: