...

  • The Credential Store (CS) allows sensitive data to be encrypted and stored securely and independently of the application(s) such as YADE and the JobScheduler YADE JITL Jobs that use this data.
  • The advantage of using a CS is that it stores sensitive information such as credentials in a standardized, secure and fully encrypted database, and sensitive authentication information is not exposed in use. Applications access the CS database by using a password, an encryption-key file or a combination of both.
  • The CS requires the use of a standard open database format (.kdb or .kdbx database) and the installation of a kdb-compatible user interface such as "KeePass", "KeePass 2" or "KeePass-X", which allows the use of graphical and API interfaces across the most relevant operating systems.

Scope

This article describes the use of the Credential Store with the YADE Client and describes a relatively simple configuration to allow users to get a working example up and running.

...

  • Compliance:
    • All sensitive configuration information is encrypted.
    • Access to the Credential Store can be securely protected by password, key file or password and key file - "password-free" authentication is possible.
    • Connection authentication files such as public key files are used without being written to the file system.
  • Management
    • Configuration information can be centrally managed outside of a file transfer environment.
  • Deployment
    • The same file transfer configuration file can be used for development and production environments - only the Credential Store needs to be changed during deployment.
  • Scope
    • The Credential Store can be used for configuration information for:
      • file transfer source, target, proxy and jump host / DMZ,
      • pre- and post-processing operations.

Example Description

...

Feature availability: starting from release 1.12.2

The full range of Credential Store features such as secure, compliant and password-free use of the Credential Store as well as compatibility with KeePass .kdb databases requires the YADE Client in version 1.12.2 or newer.

...

  • Fragments
    • ProtocolFragments
      • FTPFragment name="ftp_demo_sos-berlin_cs"
        • ....
        • CredentialStoreFragmentRef ref="ftp_demo"
    • CredentialStoreFragments
      • CredentialStoreFragment name="ftp_demo"
        • CSFile file path %USERPROFILE%\jade_demo....
        • CSAuthentication
          • PasswordAuthentication
            • .etc..
        • CSEntryPath
  • Profiles
    • .etc..

Addressing the information in the Credential Store

...

  • CredentialStoreFragments
    • CredentialStoreFragment name="ftp_demo"
      • CSFile file path %USERPROFILE%\jade_demo....
      • CSAuthentication
        • PasswordAuthentication
          • CSPassword password myPassword
        • KeyFileAuthentication
          • CSKeyFile path to key file .... %USERPROFILE%\jade_demo\cs_key_file\demo_credential_store.key
      • CSEntryPath

...

Connection authentication key files

The Credential Store can be used to store RSA and similar server connection authentication key files. These are stored in the Credential Store database as attachments.

Configuring authentication key files in the Credential Store

Attachments are added to the Credential Store in KeePass in the File Attachments section of the Advanced tab as shown in the screenshot below:

Configuring authentication key files in the XML settings file

...

  • SFTPFragment name="sftp_demo_sos-berlin_cs"
    • BasicConnection
      • Hostname cs://demo/sftp/demo_on_test.sos-berlin.com@attachment
    • SSHAuthentication
      • Account
      • AuthenticationMethodPublicKey
        • AuthenticationFile cs://demo/sftp/demo_on_test.sos-berlin.com@attachment
        • Passphrase myPassPhrase
      • CredentialStoreFragmentRef ref="ftp_demo"

Note that this list also shows the use of a Passphrase element for the AuthenticationFile element. This is not required for authentication with the test.sos-berlin.com SFTP server but is provided as an illustration. 

Passphrase elements are stored in the Credential Store as Notes.
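
A check for secrets left as literals in the settings file, added here as an example and not taken from the article or the YADE project. The XML layout is assumed from the element trees above, the sample is constructed, and `parse_cs_ref` and `lint` are hypothetical names. It flags Passphrase and CSPassword values that are not cs:// references, and CredentialStoreFragmentRef entries that point at an undefined fragment.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element nesting is assumed from the trees shown on this page.
SAMPLE = """
<Fragments>
  <ProtocolFragments>
    <SFTPFragment name="sftp_demo_sos-berlin_cs">
      <SSHAuthentication><AuthenticationMethodPublicKey>
        <AuthenticationFile>cs://demo/sftp/demo_on_test.sos-berlin.com@attachment</AuthenticationFile>
        <Passphrase>myPassPhrase</Passphrase>
      </AuthenticationMethodPublicKey></SSHAuthentication>
      <CredentialStoreFragmentRef ref="ftp_demo"/>
    </SFTPFragment>
  </ProtocolFragments>
  <CredentialStoreFragments>
    <CredentialStoreFragment name="ftp_demo">
      <CSAuthentication><PasswordAuthentication>
        <CSPassword>myPassword</CSPassword>
      </PasswordAuthentication></CSAuthentication>
    </CredentialStoreFragment>
  </CredentialStoreFragments>
</Fragments>
"""

SECRET_TAGS = {"Passphrase", "CSPassword"}  # secret-bearing elements named on this page

def parse_cs_ref(value):
    """Split cs://<entry path>@<property>; return None if value is not a CS reference."""
    if not value.startswith("cs://"):
        return None
    entry, sep, prop = value[len("cs://"):].rpartition("@")
    return (entry, prop) if sep and entry and prop else None

def lint(xml_text):
    """Return (issue, detail) tuples in document order."""
    root = ET.fromstring(xml_text.strip())
    defined = {f.get("name") for f in root.iter("CredentialStoreFragment")}
    findings = []
    for el in root.iter():
        value = (el.text or "").strip()
        if el.tag == "CredentialStoreFragmentRef" and el.get("ref") not in defined:
            findings.append(("dangling-ref", el.get("ref")))
        elif value.startswith("cs://") and parse_cs_ref(value) is None:
            findings.append(("bad-cs-ref", el.tag))
        elif el.tag in SECRET_TAGS and value and parse_cs_ref(value) is None:
            # Literal secret in the file: move it into the store, or for
            # CSPassword use key file authentication instead.
            findings.append(("plaintext-secret", el.tag))
    return findings
```

On the constructed sample both the illustrative Passphrase and the CSPassword are reported, while the AuthenticationFile reference passes.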

See Also:

...