The approach shown below is only compatible with version 2.1 of the Vault Application Framework.
Passwords within configuration elements
Passwords within configuration objects should be marked with the
[Security(IsPassword = true)] attribute. When this attribute is used, values displayed in the M-Files Admin software will be obscured and displayed insead as asterisks:
Note that configuration elements marked with a
[Security(IsPassword = true)] attribute are not encrypted before being stored within Name Value Storage. Whilst the storage location is only accessible to system administrators, it is important to note that these may be accessible by code executing with elevated rights.
Restricting who can change configuration elements
[Security] attribute can also be used to configure who can change the value of a given element of the configuration. This can be used to ensure that only system administrators - and not vault administrators - can change specific values. This is of increased importance in the M-Files cloud environment where some values must only be configurable by the M-Files Cloud Ops team.
In the following example the
WebAddress property can only be changed by the System Administrator. The value will be hidden from Vault Administrators in the
Configuration tab, although they will see the value in the ‘Advanced’ configuration. Vault Administrators will get an error when trying to save changes to the value.