ANY//DOCS
DEBack to site

Password Vault

Overview

The Password Vault securely stores TIA Portal know-how protection passwords. It uses AES-256-GCM encryption with a master password to protect all entries. The vault enables bulk protect and unprotect operations on assigned blocks. The Password Vault is an Enterprise feature.

The vault opens as its own pane in the editor area. From the Command Palette (Ctrl+Shift+P), run Open Password Vault; the vault pane opens as a pinned editor tab with a lock icon and the title "Password Vault". A toolbar at the top of the pane shows only the buttons valid for the current state.

Creating a Vault

  1. Run Open Password Vault
  2. Click New Vault in the toolbar
  3. Choose a location and file name (.vault extension)
  4. Enter a master password (at least 8 characters) and confirm it

Important: Remember your master password. It cannot be recovered.

Opening an Existing Vault

  1. Click Open Vault in the toolbar
  2. Select a .vault file
  3. Enter your master password to unlock the vault

Until the vault is unlocked, the pane hides the entries list and shows a hint overlay instead — either "Open or create a vault" (no vault loaded) or "This vault is locked. Unlock it" (loaded but locked).

Managing Entries

When unlocked, the pane shows a list of the stored passwords. Each row shows the name, the masked password (********) with an eye-toggle to reveal/hide it, the assigned block/folder paths, and action icons.

Add Entry:

  1. Click Add Entry in the toolbar
  2. Enter a name (e.g., "Production PLC Password")
  3. Enter the know-how protection password

Edit Entry:

  • Click the pencil icon on the entry's row and update the name and password

Remove Entry:

  • Click the trash icon on the entry's row and confirm

Assigning Passwords to Blocks

Via Context Menu (single block or folder):

  1. In the Project Explorer, right-click a block or folder
  2. Choose Assign Stored Vault Password from the Vault submenu
  3. Select a vault entry
  4. The password is now linked to that path. On a folder, the assignment covers the whole subtree below it.

Via the Vault column (bulk assignment):

  1. While the vault is unlocked, the Project Explorer shows an extra Vault column (tri-state checkbox) next to each block
  2. Check the Vault checkbox for the blocks you want to assign
  3. Select a vault entry when prompted
  4. Checked blocks are assigned to that vault entry

Note: The Vault column only appears while the vault is unlocked.

Bulk Protect/Unprotect

  1. Assign vault passwords to blocks using the Vault checkboxes or the context menu
  2. Right-click a block or folder and choose Protect with Stored Passwords or Unprotect with Stored Passwords from the Vault submenu
  3. A stored password is resolved for every protectable block in the selection, and all blocks are protected or unprotected in one operation

The operation runs with a progress indicator and can be cancelled. If the vault is locked, you are prompted to unlock it first. It finishes with a result notification showing how many blocks were protected/unprotected, skipped (no stored password), or failed.

Note: Protected blocks remain assigned to their vault entry even if you uncheck the Vault checkbox. To remove a protected block from the vault, you must unprotect it first.

Protecting Safety (F-) Blocks

Planned: A dedicated Safety-block protect workflow is not yet available in this release.

Bulk Protect with Stored Passwords attempts every selected block, including Safety (F_) blocks. Siemens refuses know-how protection for an F-block whose F-program is not fully compiled and consistent, so such blocks appear under failed in the result notification. Compile the F-program successfully in TIA Portal, then re-run Protect with Stored Passwords.

Crash Recovery

Planned: Automatic recovery after a crash is not yet available in this release.

If the application is closed while blocks are unprotected, re-protect the affected blocks manually after restarting via Protect with Stored Passwords.

Locking the Vault

  • Click Lock to lock the vault (the decrypted entries are cleared from memory)
  • Click Close Vault to completely unload the vault
  • Click Change Password to change the master password

An UNLOCKED badge in the pane's status strip shows while the vault is unlocked.

Exporting the Vault to CSV

The CSV Export feature allows you to create a backup of all vault entries in a text format:

Exporting:

  1. Open and unlock your vault
  2. Click Export CSV in the toolbar
  3. Select a destination folder for the backup file
  4. A CSV file is created with all vault entries

CSV Format:

  • Metadata header comment lines with vault information (a title line, the vault file path, the export date, and the entry count)
  • Column headers: Name, Password, Paths, Protected
  • Comma-separated, quote-escaped fields with CRLF line endings
  • UTF-8 encoding with BOM (for Excel compatibility)

Security Note: The CSV file contains passwords in plaintext for backup purposes. Store the exported CSV file securely, just like you would protect the vault file itself. Delete the CSV after verifying the backup is complete.

When Export is Available:

  • Export CSV button is only active when the vault is unlocked
  • Lock the vault when you're done to prevent accidental exports
Previous
Protected Items
Next
AI Integration