starred/tacticalrmm
1
0
Fork 0
mirror of https://github.com/amidaware/tacticalrmm.git synced 2026-04-26 23:15:57 +03:00
Code Issues 919 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1956] Custom Field 'Password' Type #3165

New issue
Open
opened 2026-03-14 06:45:19 +03:00 by kerem · 2 comments
kerem commented 2026-03-14 06:45:19 +03:00
Owner
Copy link

Originally created by @adamjrberry on GitHub (Aug 3, 2024).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1956

Is your feature request related to a problem? Please describe.
It would be great if there's an option to have a 'password' type custom field to hide passwords.
Example Use Case: A DIY LAPS solution that outputs a local admin password to a custom field and rotates regularly, or a Bitlocker Recovery Key.

Describe the solution you'd like
Have a 'password' type option when adding custom fields.
For example:

  • Encrypted (requiring the RMM user to re-enter their password to unencrypt) to view the password
  • Unencrypted but just hidden by default (especially useful if sharing screen with someone but you don't want the passwords to be visible) - just having an eye icon that you can click to reveal the password. I know this could be kind-of achieved by hiding the custom field from the summary section, but it would be neater to retain it on the summary page but with the password masked.

Ideally the password would be encrypted in the database, but viewable by staff users. Could even create a specific custom field for passwords with a custom password to access it (i.e. 'use this break glass password in our documentation to access that specific custom field value'). It would be ideal if these custom field values can still be referenced and used in scripts though.

Before
image

After
image

Describe alternatives you've considered

  • Hiding the custom field from the summary tab
  • Leaving as-is
  • More frequent password rotation
  • Have it output a encoded string that can be decoded locally

Additional context
Example screenshots above.
Also sample dialog box that prompts for admin's password to reveal field value:
image

Originally created by @adamjrberry on GitHub (Aug 3, 2024). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/1956 **Is your feature request related to a problem? Please describe.** It would be great if there's an option to have a 'password' type custom field to hide passwords. **Example Use Case**: A DIY LAPS solution that outputs a local admin password to a custom field and rotates regularly, or a Bitlocker Recovery Key. **Describe the solution you'd like** Have a 'password' type option when adding custom fields. For example: - Encrypted (requiring the RMM user to re-enter their password to unencrypt) to view the password - Unencrypted but just hidden by default (especially useful if sharing screen with someone but you don't want the passwords to be visible) - just having an eye icon that you can click to reveal the password. I know this could be kind-of achieved by hiding the custom field from the summary section, but it would be neater to retain it on the summary page but with the password masked. Ideally the password would be encrypted in the database, but viewable by staff users. Could even create a specific custom field for passwords with a custom password to access it (i.e. 'use this break glass password in our documentation to access that specific custom field value'). It would be ideal if these custom field values can still be referenced and used in scripts though. **Before** ![image](https://github.com/user-attachments/assets/c97aec7f-a27a-43cb-b5c9-557acd475b3d) **After** ![image](https://github.com/user-attachments/assets/f5d35a8a-5cb1-4017-860f-782921bd7582) **Describe alternatives you've considered** - Hiding the custom field from the summary tab - Leaving as-is - More frequent password rotation - Have it output a encoded string that can be decoded locally **Additional context** Example screenshots above. Also sample dialog box that prompts for admin's password to reveal field value: ![image](https://github.com/user-attachments/assets/e27ca47c-bdad-4745-8324-ce0eb578e33e)
kerem commented 2026-03-14 06:45:25 +03:00
Author
Owner
Copy link

@P6g9YHK6 commented on GitHub (Aug 3, 2024):

for me these values should be encrypted with a password external to trmm a bit like what privatebin does with a public and private key for security so even if the rmm is compromised (db, account or privilege escalation) they would still have to have the decryption key.

and we need also something for the global key store

<!-- gh-comment-id:2266711364 --> @P6g9YHK6 commented on GitHub (Aug 3, 2024): for me these values should be encrypted with a password external to trmm a bit like what privatebin does with a public and private key for security so even if the rmm is compromised (db, account or privilege escalation) they would still have to have the decryption key. and we need also something for the global key store
kerem commented 2026-03-14 06:45:30 +03:00
Author
Owner
Copy link

@adamjrberry commented on GitHub (Aug 3, 2024):

I agree, depending on the use case I guess.
For simple LAPS passwords with low risk as each client has a different password, and there is regular rotation, a simple 'click to reveal text' option would be fine (at least I consider this an acceptable risk).
For more sensitive secrets, then yes additional encryption would be suitable. However, in my case, I don't store any super secret values in these fields - those go in a dedicated password manager, but I do still like the idea of not displaying passwords (no matter how low risk) in plain view. For example sharing screen with a client to show them something, they could simply screenshot on Teams when they see a LAPS password and use it before the next rotation - a 'click to reveal' option would resolve this problem (I know this is more of a HR-ish issue than IT, but of course there are many scenarios where this could be useful). Perhaps two options like below (please excuse the shoddy editing/graphics - I'm literally just adding boxes on Powerpoint lol).

image

<!-- gh-comment-id:2266715534 --> @adamjrberry commented on GitHub (Aug 3, 2024): I agree, depending on the use case I guess. For simple LAPS passwords with low risk as each client has a different password, and there is regular rotation, a simple 'click to reveal text' option would be fine (at least I consider this an acceptable risk). For more sensitive secrets, then yes additional encryption would be suitable. However, in my case, I don't store any _super_ secret values in these fields - those go in a dedicated password manager, but I do still like the idea of not displaying passwords (no matter how low risk) in plain view. For example sharing screen with a client to show them something, they could simply screenshot on Teams when they see a LAPS password and use it before the next rotation - a 'click to reveal' option would resolve this problem (I know this is more of a HR-ish issue than IT, but of course there are many scenarios where this could be useful). Perhaps two options like below (please excuse the shoddy editing/graphics - I'm literally just adding boxes on Powerpoint lol). ![image](https://github.com/user-attachments/assets/62c833df-c312-4e68-ba41-eb95e1372d11)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
master
1.0.0
v1.4.0
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.0
v0.20.1
v0.20.0
v0.19.4
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.2
v0.18.1
v0.18.0
v0.17.5
v0.17.4
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.5
v0.16.4
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.12
v0.15.11
v0.15.10
v0.15.9
v0.15.8
v0.15.7
v0.15.6
v0.15.5
v0.15.4
v0.15.3
v0.15.2
v0.15.1
v0.15.0
v0.14.8
v0.14.7
v0.14.6
v0.14.5
v0.14.4
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.15
v0.6.14
v0.6.13
v0.6.12
v0.6.11
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.32
v0.4.31
v0.4.30
v0.4.29
v0.4.28
v0.4.27
v0.4.26
v0.4.25
v0.4.24
v0.4.23
v0.4.22
v0.4.21
v0.4.20
v0.4.19
v0.4.18
v0.4.17
v0.4.16
v0.4.15
v0.4.14
v0.4.13
v0.4.12
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.23
v0.2.22
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
In Process

   
bug

   
bug

   
dev-triage

   
documentation

   
duplicate

   
enhancement

   
fixed

   
good first issue

   
help wanted

   
integration

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
requires agent update

   
security

   
ui tweak

   
wontfix
No labels
In Process
bug
bug
dev-triage
documentation
duplicate
enhancement
fixed
good first issue
help wanted
integration
invalid
pull-request
question
requires agent update
security
ui tweak
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tacticalrmm#3165
No description provided.