...
- The "Password Safe" (Credential Store, CS) stores encrypted connection data and any other data securely and independently of an application (i.e. JADE YADE). Access to the CS is only possible with access methods such as SSH key or password.
- The CS currently uses "KeePass" and "KeePassX" with database version 1.0, so it can be used on most popular OS platforms.
- The advantage of using the CS is that it stores the credentials (and other information/parameters) in a standardized, secure and encrypted database, i.e. KeePass. JADE YADE accesses the CS database using a standard interface. The CS database can only be accessed using a password, an encryption-key file (ppk) or a combination of both. The CS password is used to encrypt the contents stored in the CS database with AES.
- CS can be used to securely store information or parameters, database connection URL, runtime decryption key and other access data.
...
- Feature: UserID : The user identification of the user who is authorized for the operation.
- Feature: Password : Assigned password for the user.
- Feature: Server-Name : Target server name or IP address
- Feature: Notes : In the notes section of the CS other parameters/options can be stored, i.e. JADE YADE parameters, database connection URL etc. The extra options are defined in a similar way as on the command line.
- Feature: File-Attachment : Any files such as PGP files, SSH private key files can be stored in the CS as attachments. Applications will retrieve the attached file at run-time and will delete the file immediately once operation is completed.
...
Parameter CredentialStore_OverwriteExportedFile
- At run-time JADE YADE can export the file stored in the attachment field of the CS database to the local file system. For example, if the attached file is an SSH key and JADE YADE has to use the key file for file transfer operations, JADE YADE will export the attached file into a predefined directory, i.e. $HOME/.ssh. To avoid any unwanted overwriting of existing files in the $HOME/.ssh folder, set this parameter to false.
- Data-Type: SOSOptionBoolean
- The default value for this parameter is: true.
- Use together with parameter:
- use_credential_Store - use credential store for authentication
- Alias: CS_OverwriteExportedFile
Parameter CredentialStore_Permissions4ExportedFile
- At run-time JADE YADE can export the file defined in the attachment field of the CS database to the local file system. For example, if the attached file is an SSH key and JADE YADE wants to use the key file for file transfer operations, then JADE YADE will export the attached file to a predefined directory, i.e. $HOME/.ssh, and the key file should have specific permissions.
...
Parameter CredentialStore_DeleteExportedFileOnExit: Delete Attachment On Exit of Application
- At run-time JADE YADE exports the attached file of a CS to the local file system and, by default, deletes this file once its operation is completed, irrespective of the operation's status. In special cases, e.g. for debugging, if you want JADE YADE not to delete the file, set this parameter to false.
- Data-Type: SOSOptionBoolean
- The default value for this parameter is: true.
- Use together with parameter:
- use_credential_Store - use credential store for authentication
- Alias: CS_DeleteExportedFileOnExit
Parameter CredentialStore_ExportAttachment: Export attached file to disc
- JADE YADE can export a file that is stored in the CS database as attachment to the local file system. By default JADE YADE does not export attached files.
- Data-Type: SOSOptionBoolean
- The default value for this parameter is: false.
- Alias: CS_ExportAttachment
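How the three export settings above (overwrite, permissions, delete on exit) fit together, as an added Python example that is not JADE YADE's own code. The function names `export_attachment` and `with_exported_key` are hypothetical, and a POSIX system is assumed.

```python
import os

def export_attachment(data, path, overwrite=False, mode=0o600):
    """Write key material so the file never exists with looser permissions than `mode`."""
    flags = os.O_WRONLY | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    # O_EXCL: fail if the file already exists (overwrite = false).
    # O_TRUNC: replace the content only when overwriting is explicitly allowed.
    flags |= os.O_TRUNC if overwrite else os.O_EXCL
    fd = os.open(path, flags, mode)      # created with at most `mode` from the start
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fd, mode)              # also tightens a pre-existing file; ignores umask
        fh.write(data)
    return path

def with_exported_key(data, path, operation, delete_on_exit=True, overwrite=False):
    """Export, run operation(path), then delete irrespective of the operation's status."""
    # Export happens outside the try block: if it fails because the file already
    # exists, the finally clause must not delete a file this run did not create.
    export_attachment(data, path, overwrite, 0o600)
    try:
        return operation(path)
    finally:
        if delete_on_exit and os.path.exists(path):
            os.remove(path)

if __name__ == "__main__":
    import tempfile
    key_path = os.path.join(tempfile.mkdtemp(), "id_rsa")   # constructed path
    result = with_exported_key(b"constructed key bytes\n", key_path,
                               lambda p: oct(os.stat(p).st_mode & 0o777))
    print(result, os.path.exists(key_path))
```

With `delete_on_exit=False`, the debugging case described above, the key stays on disk until it is removed by hand.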
...
To use the file stored in the CS as an attachment during an operation, JADE YADE has to export the attached file to the local file system. Use this parameter to define the name of the exported file in the local file system.
...
The Credential Store can be accessed by JADE YADE using a private key or using a password or a combination of both. Define the path/location of the SSH key file using this parameter.
...
The Credential Store can be accessed by JADE YADE using a private key or using a password or a combination of both. Define the CS access password using this parameter. Hint: always use a strong password for CS.
...
- This option specifies the path of the access key for access to the credential store.
- The Credential Store can be accessed by JADE YADE using a private key or using a password or a combination of both. Define the path/location of the SSH key file using this parameter.
...
Command-Line:

```
jade.sh -CredentialStoreFileName="/etc/keystore/sap_jade.kdb"
```

JADE YADE profile:

```
CredentialStoreFileName = /etc/keystore/sap_jade.kdb
```
...
- If you want to store your access data, i.e. user id, password, SSH key, database connection string, in an encrypted CS database, then enable this parameter and configure access to the CS accordingly. By default JADE YADE reads the parameters from its configuration file, from the command line or from the JITL Job.
- Data-Type: SOSOptionBoolean
- The default value for this parameter is: false.
Example of
...
YADE Profile using Credential Store : jade_settings.ini
```ini
[Keepass_DataBase_WithPassword]
use_credential_Store = true
CredentialStore_FileName = R:\backup\sos\java\development\com.sos.VirtualFileSystem\keepassX-test.kdb
CredentialStore_KeyPath = sos/server/homer.sos
CredentialStore_password = testing

[ReceiveUsingKeePass]
include = Keepass_DataBase_WithPassword
source_CredentialStore_KeyPath = sos/server/homer.sos
source_include = Keepass_DataBase_WithPassword
source_Dir = /tmp/test/jade/out
source_make_Dirs = true
source_loadClassName = com.sos.VirtualFileSystem.FTP.SOSVfsFtp2
target_protocol = local
target_dir = /tmp/test/jade/in
operation = copy
file_spec = \.txt$
transfer_mode = ascii
source_transfer_mode = ascii
loadClassName = com.sos.VirtualFileSystem.FTP.SOSVfsFtp2
```
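A profile like the one above can be reviewed automatically for Credential Store settings that weaken the protection described on this page. The following Python check is an added example, not part of JADE YADE: `audit_profile` and the finding labels are hypothetical, the `[DebugExport]` and `[SafeExport]` sections are constructed, and `include` references are not resolved.

```python
import configparser

# Aliases from this page mapped to the long parameter names (lower-cased,
# because configparser lower-cases option names by default).
ALIASES = {
    "cs_overwriteexportedfile": "credentialstore_overwriteexportedfile",
    "cs_deleteexportedfileonexit": "credentialstore_deleteexportedfileonexit",
    "cs_exportattachment": "credentialstore_exportattachment",
}

def audit_profile(ini_text):
    """Return (section, finding) pairs for risky Credential Store settings."""
    cp = configparser.ConfigParser(interpolation=None)  # values like \.txt$ stay literal
    cp.read_string(ini_text)
    findings = []
    for section in cp.sections():
        opts = {}
        for key, value in cp.items(section):
            for prefix in ("source_", "target_"):   # per-side variants of a setting
                if key.startswith(prefix):
                    key = key[len(prefix):]
            opts[ALIASES.get(key, key)] = value.strip().lower()
        if opts.get("credentialstore_password"):
            # The CS password sits in clear text next to the database path.
            findings.append((section, "plaintext-cs-password"))
        if opts.get("credentialstore_deleteexportedfileonexit") == "false":
            findings.append((section, "exported-file-kept-on-disk"))
        exporting = opts.get("credentialstore_exportattachment") == "true"
        # Overwrite defaults to true, so it must be switched off explicitly.
        if exporting and opts.get("credentialstore_overwriteexportedfile", "true") != "false":
            findings.append((section, "export-may-overwrite-existing-file"))
    return findings

# First section follows the page's profile; the other two are constructed.
SAMPLE = r"""
[Keepass_DataBase_WithPassword]
use_credential_Store = true
CredentialStore_FileName = /etc/keystore/sap_jade.kdb
CredentialStore_password = testing
[DebugExport]
CS_ExportAttachment = true
CS_DeleteExportedFileOnExit = false
[SafeExport]
CredentialStore_ExportAttachment = true
CredentialStore_OverwriteExportedFile = false
"""

if __name__ == "__main__":
    for section, finding in audit_profile(SAMPLE):
        print(f"{section}: {finding}")
```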