Authenticating to a Local Vault
A local vault is an encrypted and password-protected data file saved on the user's machine that stores local connection credentials and passwords.
Local Vault Enabled
With the local vault enabled, the user can create local RDP and SSH connections, and save the connections and credentials locally. The user must protect this local data by logging into Connection Manager with their password each time they open the application. As soon as the user logs into Connection Manager, they are automatically connected to Secret Server.
Local Vault Disabled
For added security, administrators and users can disable storage of connection credentials and passwords in a local vault. When use of the local vault is disabled, the user cannot create local RDP or SSH connections. When the local vault is already enabled and the user disables it, any existing local connections will be permanently deleted and the user will be able to access only secrets that are synched from Secret Server. The user will not need to log into Connection Manager each time they open the application, but they will need to log into Secret Server when they open Connection Manager.
Enable or Disable Local Vault on Installation or Upgrade
When Connection Manager is installed on a machine for the first time, or when upgrading to version 1.6.0 or higher, the application asks, "How will you use Connection Manager?"
The first choice, Use secrets synched from Secret Server and locally stored, enables use of the local vault.
The second choice, Only use secrets synched from Secret Server, disables use of the local vault.
You can also disable use of the local vault using the command line argument -disablelocalvault on installation only (not on upgrade), as follows:
Windows
Delinea.ConnectionManager.WindowsInstaller.msi /quiet RUNCM=runCM KEYS=-disablelocalvault
Mac
sudo installer -pkg ~/Downloads/Delinea.ConnectionManager.<your version>.pkg -target / && open /Applications/Delinea/Delinea.ConnectionManager.app --args -disablelocalvault
Enable or Disable Local Vault When Authenticating to Secret Server
In the workflow for connecting to Secret Server, the user can check the box next to Remember me to store their credentials to a local vault. To disable the local vault, ensure that the Remember me box is unchecked.
Enable or Disable Local Vault at Any Time
To enable or disable the local vault at any time, do the following:
- From the main Connection Manager screen, click the hamburger icon in the top left corner.
- Click File.
- Click either Enable Local Vault or Disable Local Vault.
How to Change the Local Vault Location
The default local vault location on Windows is C:\Users\User Name\AppData\Roaming\Delinea\Connection Manager
The default local vault location on macOS is /Users/User name/Library/Application Support/Delinea/Connection Manager
If you decide to change the location of the local vault, you will also need to copy the ConnectionManager.dat file to your new local storage location in order to keep your original vault configuration.
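The copy step described above can be scripted so that the file is never overwritten, is created owner-only, and is verified against the original. This is an added example, not Delinea's code: the function names are hypothetical, the owner-only permissions are an assumed hardening choice, and pointing Connection Manager at the new folder is not covered.

```python
import hashlib
import os
import shutil
import sys
from pathlib import Path

# File name taken from the text above; the function names are illustrative.
VAULT_FILE = "ConnectionManager.dat"


def default_vault_dir(platform=sys.platform, home=None):
    """Default local vault folder as documented above for Windows and macOS."""
    home = Path(home) if home else Path.home()
    if platform == "win32":
        return home / "AppData" / "Roaming" / "Delinea" / "Connection Manager"
    if platform == "darwin":
        return home / "Library" / "Application Support" / "Delinea" / "Connection Manager"
    raise ValueError(f"no documented default vault location for {platform!r}")


def sha256_of(path):
    """Hash the file in chunks so the copy can be compared with the original."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def copy_vault_file(src_dir, dst_dir):
    """Copy ConnectionManager.dat into dst_dir and return the new path."""
    src = Path(src_dir) / VAULT_FILE
    dst = Path(dst_dir) / VAULT_FILE
    if not src.is_file():
        raise FileNotFoundError(f"{src} not found; nothing to copy")
    # Assumption: a newly created vault folder should be readable by its owner only.
    Path(dst_dir).mkdir(mode=0o700, parents=True, exist_ok=True)
    # O_EXCL refuses to overwrite an existing file; 0o600 applies on POSIX systems.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    fd = os.open(dst, flags, 0o600)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
    if sha256_of(src) != sha256_of(dst):
        dst.unlink()
        raise OSError("copy does not match the original; removed the bad copy")
    return dst


if __name__ == "__main__":
    # Usage: python copy_vault.py <new vault folder>
    print(copy_vault_file(default_vault_dir(), sys.argv[1]))
```

The original file is left in place, so remove it yourself once Connection Manager opens correctly from the new location.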