> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/rdm/ribbon-menu-bar/administration/system-settings/password-management/password-policy.md).

# Password policy

{% hint style="info" %}
This feature is only available with an [advanced data source](https://docs.devolutions.net/rdm/data-sources/data-sources-types/advanced-data-sources/).
{% endhint %}

Accessing passwords stored in your data source by querying the underlying database is not possible because of the encryption we apply on the passwords. For those of you that need to access passwords directly in the database, for example by a CRM system, we have created a way to achieve this.

### Settings <a href="#settings-windows" id="settings-windows"></a>

{% tabs %}
{% tab title="Windows" %}
The session information, which is an XML structure, is stored in the ***Data*** field of the ***Connections*** table in the underlying database.

However, getting the encrypted password from the database requires the ***Allow password for external system*** to be configured.

Enter an encryption key in the ***Key*** field. Once a key is provided it will cause the system to extract a copy of the password from our XML structure, this will then be re-encrypted using the ***Key*** you have provided and stored back into the ***UnsafePassword*** field of the ***Connections*** table.

<figure><img src="https://cdnweb.devolutions.net/docs/RDMW2044_2024_1.png" alt=""><figcaption></figcaption></figure>

### Decryption Code <a href="#decryption-code" id="decryption-code"></a>

Use the following .net code to decrypt your passwords.

```
public static string Decrypt(string encryptedString, string key)
{
  if (string.IsNullOrEmpty(encryptedString))
  {
    return encryptedString;
  }
  try
  {
    TripleDESCryptoServiceProvider tripleDesCryptoServiceProvider = new TripleDESCryptoServiceProvider();
    MD5CryptoServiceProvider cryptoServiceProvider = new MD5CryptoServiceProvider();
    string strTempKey = key;
    byte[] byteHash = cryptoServiceProvider.ComputeHash(Encoding.ASCII.GetBytes(strTempKey));
    tripleDesCryptoServiceProvider.Key = byteHash;
    tripleDesCryptoServiceProvider.Mode = CipherMode.ECB;
    byte[] byteBuff = Convert.FromBase64String(encryptedString);
    string strDecrypted =
      Encoding.UTF8.GetString(
        tripleDesCryptoServiceProvider.CreateDecryptor().TransformFinalBlock(
          byteBuff, 0, byteBuff.Length));
    return strDecrypted;
  }
  catch (Exception)
  {
    return null;
  }
}
```

{% endtab %}

{% tab title="macOS" %}

<table><thead><tr><th width="292.20001220703125">OPTION</th><th>DESCRIPTION</th></tr></thead><tbody><tr><td>Disable password saving (shared)</td><td>Users will not be able to save passwords within session.</td></tr><tr><td>Disable password saving (user-specific settings)</td><td>Users will not be able to save password in the User-specific settings.</td></tr><tr><td>Disable password saving for data source access</td><td>Users will not be able to save a new password to access the data source.</td></tr><tr><td>Allow reveal password for administrator and authorized users (<kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Enter</kbd>)</td><td>Controls if reveal password is enabled for authorized users.</td></tr><tr><td>Allow reveal credentials (if enabled in the entry)</td><td>Allow to show the credentials if the box “Allow show credentials (everybody)“ is check inside the session.</td></tr><tr><td>Allow password in macro (send keys)</td><td>Renders $MACRO_PASSWORD$ variable useless for this data source.</td></tr><tr><td>Password history</td><td>Indicates the maximum saved password history count. See Password History for more information.</td></tr></tbody></table>
{% endtab %}
{% endtabs %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/rdm/ribbon-menu-bar/administration/system-settings/password-management/password-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.