Version 1

Version 2

Version 2.1

The approach shown below is only compatible with version 2.1 of the Vault Application Framework.

Passwords within configuration elements

Passwords within configuration objects should be marked with the [Security(IsPassword = true)] attribute. When this attribute is used, values displayed in the M-Files Admin software will be obscured and displayed insead as asterisks:

An example of an obscured password in the M-Files Admin software

using System.Runtime.Serialization;
using MFiles.VAF.Configuration;
using MFiles.VAF.Core;

namespace MyCompany.MyProduct.MyVaultApplication3
{
	public class VaultApplication
		: ConfigurableVaultApplicationBase<Configuration>
	{
	}
	
	[DataContract]
	public class Configuration
	{
		[DataMember]
		public string Username { get; set; }

		[DataMember]
		[Security(IsPassword = true)]
		public string Password { get; set; }
 
	}
}

Note that configuration elements marked with a [Security(IsPassword = true)] attribute are not encrypted before being stored within Name Value Storage. Whilst the storage location is only accessible to system administrators, it is important to note that these may be accessible by code executing with elevated rights.

Restricting who can change configuration elements

The [Security] attribute can also be used to configure who can change the value of a given element of the configuration. This can be used to ensure that only system administrators - and not vault administrators - can change specific values. This is of increased importance in the M-Files cloud environment where some values must only be configurable by the M-Files Cloud Ops team.

In the following example the WebAddress property can only be changed by the System Administrator. The value will be hidden from Vault Administrators in the Configuration tab, although they will see the value in the ‘Advanced’ configuration. Vault Administrators will get an error when trying to save changes to the value.

using System.Runtime.Serialization;
using MFiles.VAF.Configuration;
using MFiles.VAF.Core;

namespace MyCompany.MyProduct.MyVaultApplication3
{
	public class VaultApplication
		: ConfigurableVaultApplicationBase<Configuration>
	{
	}
	
	[DataContract]
	public class Configuration
	{
		[DataMember]
		public string Username { get; set; }

		[DataMember]
		[Security(IsPassword = true)]
		public string Password { get; set; }

		[DataMember]
		[Security(ChangeBy = SecurityAttribute.UserLevel.SystemAdmin)]
		public string WebAddress { get; set; }
 
	}
}