Tips & Tricks
Mathieu Morrissette

Hello everyone! As a certified OSCP security specialist here at Devolutions, I have the privilege of testing the security of our code, and our solutions to ensure that you have the most secure experience when using our products. Besides that, I also work with developers to write safer code, I keep up with trends at security conferences and during breaks, I like to play the Star Wars pinball machines in the break room. As a huge Star Wars fan, the office here at Devolutions makes me feel right at home.

Update on Devolutions Password Server Security Provider Deprecation

Table of Contents

Hello RDMers!

This is Mathieu Morrissette from the Devolutions Security Team. As you may already know, we have been working on deprecating the security providers in Devolutions Password Server.

Previously, the encryption key was shared with all users. This created some potential vulnerabilities for handling data at rest. Now, when deploying Devolutions Password Server 2019.2.9.0 and above (and when regenerating encryption keys), a new 256-bit encryption key will be generated and stored in the encryption.config file on the server only. This encryption key will be used to encrypt data entries (connections, private vaults, documentation and attachments).

To encrypt the data stored in the database, we use our open-source cryptography library, which can be found at The current version at this time (0.4.0) uses the XChacha20-Poly1305 algorithm.

How to Migrate

First, launch the Devolutions Password Server console and click on the "Manage Security Provider" button.

If no security providers are configured, then you’ll see this pop-up which means you don’t need to migrate:

Otherwise, this security provider dialog will open:

Before migrating, ensure that you back up the database and encryption keys. Then, click Migrate and follow the on-screen instructions. At this point, you might need to regenerate your encryption keys. Once you’ve completed all of the steps, restart the IIS web application (IIS Manager). If you still need to manage security providers, then you can use an old password server console installation.

And there you go! You’re all done, and ready to continue working in a more secure way. We hope that you find this security upgrade beneficial.

As always, please let us know your thoughts by using the comment feature of the blog. You can also visit our forums to get help and submit feature requests, you can find them here.

Related Posts

Read more Tips & Tricks posts