ONLINE HELP
 WINDEVWEBDEV AND WINDEV MOBILE

New WINDEV, WEBDEV and WINDEV Mobile 2025 feature!
Help / Editors / Project editor
  • Overview
  • Vault and secret strings
  • Access to the vault
  • Contents of the vault
  • Using secret strings
  • Creating a vault and defining passwords
  • Creating a vault
  • Create a secondary password
  • Defining secret strings
  • Using secret strings in the code
  • Detecting WLanguage functions that require secret strings
  • Using secret strings
  • SecretString variable
  • Opening a project that uses a vault
  • Opening a WINDEV or WINDEV Mobile project
  • Opening a WEBDEV project
  • Testing a project that uses a vault
  • Deploying a project that uses a vault
  • Creating the executable of a project that uses a vault
  • Deploying a WEBDEV project that uses a vault
WINDEV
WindowsLinuxJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadIOS WidgetApple WatchMac Catalyst
Others
Stored procedures
Overview
Passwords, private keys and tokens are often used in programming. For example:
  • database connection password.
  • data file password.
  • email account password.
  • OAuth token.
  • spreadsheet password.
  • Word document password.
  • etc.
For obvious security reasons, these elements should not be left unencrypted in the source code.
To avoid the need to set up personal or third-party security mechanisms, WINDEV WEBDEV and WINDEV Mobile include a secret string vault as standard.
Vault and secret strings

Access to the vault

To access the vault and modify its contents:
  • use the master password.
    This password is set when the vault is created. This master password identifies the vault creator as its owner and encrypts the contents of the secret strings.
    Warning
    Secret strings are encrypted using the master password. If this password is lost, the contents of the secret data will be lost.
    Accessing the vault with the master password allows you to create secondary passwords. Secondary passwords enable trusted contributors to access the contents of the vault.
  • use a secondary password.
    Accessing the vault with a secondary password enables you to create, modify and delete secret strings, just like the master password. However, it does not allow you to create new secondary passwords.
    Caution: Secondary passwords must be given to trusted users, who can manipulate the data in the vault without restrictions. This includes viewing and changing passwords.

Contents of the vault

The vault contains secret strings. These secret strings consist of:
  • an identifier. This identifier enables you to use the contents of the secret string as a parameter for WLanguage functions.
  • secret content. This secret content will be used at runtime. The content will be encrypted using the master password. Users will be able to view and modify this content in the vault only if they use a password (master or secondary).
  • test content. This content will be used for application testing. It is readable by all vault users.
Any project developer can access the contents of the vault:
  • secret content will be hidden.
  • test content will be visible.

Using secret strings

Secret strings can be used directly in WLanguage code. When you write a function with a parameter that supports secret strings, code suggestions will include secret strings from the vault of the project (or set of procedures).
When testing a project via the "Go" button, the test content will be used by default.
When creating the executable, it is necessary to unlock the vault in order to use the secret contents. The master password (or one of the secondary passwords) will then be requested.
Creating a vault and defining passwords
You can create a vault:
  • for a project,
  • for a set of procedures. In this case, you will be able to share the vault between several projects via the SCM.

Creating a vault

To create a password vault for a project:
  1. On the "Project" tab, in the "Project" group, click "Vault". The vault creation wizard opens.
  2. In the wizard, set the "Master" password. This password identifies the creator of the vault. Keep this password safe.
  3. Confirm.
The project vault window opens.
To create a password vault for a set of procedures:
  1. In the "Project explorer" pane, select the global procedure.
  2. Open the context menu of the global procedure and select "Properties".
  3. In the window that appears, click "Access vault". The vault creation wizard opens.
  4. In the wizard, set the "Master" password. This password identifies the creator of the vault. Keep this password safe.
  5. Confirm.
The vault window associated with the set of procedures is displayed.

Create a secondary password

To create a secondary password for a vault:
  1. Open the vault:
    • For the project vault, go to the "Project" tab, "Project" group, and click "Vault". The vault window opens.
    • For the vault of a set of procedures, go to the "Project explorer" pane, open the properties of the set of procedures, and click "Access vault".
  2. Go to the "Secondary passwords" tab.
  3. Add a secondary password ("+" button).
  4. In the new table row, enter the password and other specific details if necessary (e.g., name of the person or team).
Remarks:
  • The button generates a password automatically.
  • The "Change master password" button allows you to reset the vault. This means that secret strings will be cleared (their contents deleted) and secondary passwords will be removed.

Defining secret strings

To define secret strings in a vault:
  1. Open the vault:
    • For the project vault, go to the "Project" tab, "Project" group, and click "Vault". The vault window opens.
    • For the vault of a set of procedures, go to the "Project explorer" pane, open the properties of the set of procedures, and click "Access vault".
    The secret string management window opens:
  2. Click "+".
  3. In the new table row, enter:
    • the identifier. This identifier will be used by users in the WLanguage code to specify the password. Use a meaningful name.
    • the content of the secret string, i.e., the password itself.
    • the type of secret string. This type depends on how the secret string will be used, i.e., what WLanguage function will use it.
Note: Click the View icon to view the contents of secret strings. This action requires a master or secondary password.
Using secret strings in the code

Detecting WLanguage functions that require secret strings

To identify which WLanguage functions in your code require the use of a secret string, you can enable a programming standard option:
  1. Open the project description window. To do so, go to the "Project" tab, "Project" group, and click "Description".
  2. On the "Compilation" tab, check "Indicate strings that should be secret".
  3. Confirm.
Errors related to this programming standard option will appear in the compilation errors pane.
To view programming standard errors in the compilation errors pane:
  1. Open the compilation errors pane. Go to the "Home" tab, "Environment" group, expand "Panes", select "Panes", and then select "Compilation errors".
  2. Click Programming standard error.

Using secret strings

To use secret strings in WLanguage, simply enter the secret string identifier in the parameters that take secret strings.
For example:
  • The HFSQLConnectionPassword secret string is defined in the vault.
  • The database connection code is as follows:
    MyConnection is Connection
    // Describe the connection
    MyConnection.User = "USER" 
    MyConnection.Password = HFSQLConnectionPassword 
    MyConnection.Server = "MYSERVER" 
    MyConnection.Database = "Database" 
    MyConnection.Provider = hAccessHFClientServer 
    MyConnection.Access = hOReadWrite 
    MyConnection.ExtendedInfo = "Extended information" 
    MyConnection.CursorOptions = hClientCursor 
    HOpenConnection(MyConnection)

SecretString variable

You can also use variables of type SecretString to manipulate secret strings. For example, the following code allows you to use a different password in test mode:
s is SecretString
IF InTestMode THEN
	s = HFSQLDatabase_Tests
ELSE
	s = HFSQLDatabase_Production
END

HPass("*", s)
Opening a project that uses a vault

Opening a WINDEV or WINDEV Mobile project

Opening a project associated with a vault does not require you to enter the vault password. This information will be requested only if necessary, when running tests with secret content or when generating the executable.

Opening a WEBDEV project

Opening a WEBDEV project requires opening the vault, in particular to generate Active WEBDEV Pages and AWL pages.
If the "Use content for test mode" option has been selected:
  • Active WEBDEV Pages / AWL pages are generated using the test passwords.
    Caution: If you manually deploy Active WEBDEV Pages / AWL pages, the test passwords will be used in the deployed pages.
  • when generating the website, the vault password is requested to regenerate the pages using the secret strings.
Testing a project that uses a vault
When testing the project, the test passwords stored in the vault are used by default.
You can test the project using secret content.
To configure the project test mode:
  1. Open the test mode settings window. To do so, go to the "Project" tab, "Test mode" group, expand "Test mode" and select "Configure test mode" (Ctrl + Shift + F9).
  2. In Advanced options, in the "Vaults" tab, choose between content for test mode and secret content.
  3. Confirm.
If the test mode uses secret contents, the project vault access window will appear when testing the project.
In this window, you can:
  • provide passwords for the vault(s) used by the project.
  • store passwords on the computer. In this case, the password(s) for the vault(s) will no longer be requested on the current computer.
  • use content for test mode. in this case, the secret contents for tests will be used. Vault passwords will not be requested.
Note: This feature is only available from version 2025 Update 1.
Deploying a project that uses a vault

Creating the executable of a project that uses a vault

When creating an executable, a specific step enables you to manage vault contents.
By default, the secret contents of the vaults are used when creating the executable. Therefore, it is necessary to enter the password of the different project vaults.
The "Store passwords on the computer" option saves the passwords on the current computer so that they are no longer requested for any action that requires opening the vaults.
Note: This feature is only available from version 2025 Update 1.

Deploying a WEBDEV project that uses a vault

If the WEBDEV project was opened using the "Use content for test mode" option, the vault password will be requested to generate the website.
Note: This feature is only available from version 2025 Update 1.
Minimum version required
  • Version 2025
This page is also available for…
Comments
Click [Add] to post a comment

Last update: 02/05/2025

Send a report | Local help