What is Invantive Keychain?

Invantive Keychain is a database for confidential data like passwords, refresh tokens and TOTP-secrets. All Invantive products can read and write into this encrypted database.

For Dutch: please read Wat is Invantive Keychain?.

The Invantive Keychain is stored in the file system, usually in the folder %USERPROFILE% as the file invantive-own-v2.keychain.keychain. An Invantive Keychain database can only be used on the device where the database was created; the encryption is linked to the device. Individual OS-users typically each have their own Invantive Keychain in the folder %USERPROFILE% which is typically secured per OS-user.

The internal structure of Invantive Keychain consists of a folder structure. The root folder is Invantive Keychain. The most common folders under this top level are:

  • Databases: a folder structure with per database group, database and data container alias a list of confidential data such as passwords, refresh tokens, user names, etc.
  • Totp: a list of TOTP data for use with Invantive Authenticator such as the TOTP secret, algorithm and issuer.

The content of the Databases folder is created, updated and used by all Invantive on-premise products such as Invantive Control for Excel and Invantive Query Tool. The confidential login data is used, but also changes in login data are memorized.

Also the last used database is derived from Invantive Keychain by retrieving the database with the last moment of use.

The content of the folder Totp is created, updated and used by Invantive Authenticator.

The Invantive Keychain can be used by multiple programs simultaneously. In almost all cases the changes will be preserved. Only in high concurrency scenarios a change can get lost; however, the resulting Invantive Keychain is still usable. A future change ITGEN-5500 may resolve this.

For versions up to 20.1.530 it was possible to skip use of Invantive Keychain. Starting with version 20.1.530, use has been made mandatory to accommodate Exact Onlineā€™s rapidly expiring refresh tokens.

Invantive Cloud does not use Invantive Keychain. Invantive Cloud uses an alternative cloud-based mechanism for securely storing, retrieving and update confidential information as visible on Invantive Cloud Structure.