Feature: File-Attachment: Any file, such as a PGP file or an SSH private key file, can be stored in the CS (credential store) as a file attachment. The application retrieves the attached file at runtime and deletes the file "immediately" once the operation is finished.

Example of JADE Profile using Credential Store : jade_setting.ini

<source>
    [Keepass_DataBase_WithPassword]
    use_credential_Store     = true
    CredentialStore_FileName = R:\backup\sos\java\development\com.sos.VirtualFileSystem\keepassX-test.kdb
    CredentialStore_KeyPath  = sos/server/homer.sos
    CredentialStore_password = testing
</source>

<source>
    [ReceiveUsingKeePass]
    include                        = Keepass_DataBase_WithPassword
    source_CredentialStore_KeyPath = sos/server/homer.sos
    source_include                 = Keepass_DataBase_WithPassword
    source_Dir                     = /tmp/test/jade/out
    source_make_Dirs               = true
    source_loadClassName           = com.sos.VirtualFileSystem.FTP.SOSVfsFtp2
    target_protocol                = local
    target_dir                     = /tmp/test/jade/in
    operation                      = copy
    file_spec                      = \.txt$
    transfer_mode                  = ascii
    source_transfer_mode           = ascii
    loadClassName                  = com.sos.VirtualFileSystem.FTP.SOSVfsFtp2
</source>

==Parameter used by SOSCredentialStore==

{| border="1"
|+ List of parameters
! Name !! Title !! Mandatory !! Default
|- 
| [[#CredentialStore_ProcessNotesParams|CredentialStore_ProcessNotesParams]]
| Process additional parameters from "notes" field
| false
| false
|- 
| [[#CredentialStore_OverwriteExportedFile|CredentialStore_OverwriteExportedFile]]
| CredentialStore_OverwriteExportedFile
| false
| true
|- 
| [[#CredentialStore_Permissions4ExportedFile|CredentialStore_Permissions4ExportedFile]]
| CredentialStore_Permissions4ExportedFile
| false
| 600
|- 
| [[#CredentialStore_DeleteExportedFileOnExit|CredentialStore_DeleteExportedFileOnExit]]
| Delete Attachment On Exit of Application
| false
| true
|- 
| [[#CredentialStore_ExportAttachment|CredentialStore_ExportAttachment]]
| Export attached file to disc
| false
| false
|- 
| [[#CredentialStore_ExportAttachment2FileName|CredentialStore_ExportAttachment2FileName]]
| Name of the extracted attachment file
| false
| 
|- 
| [[#CredentialStore_KeyFileName|CredentialStore_KeyFileName]]
| Name of the File containing the private Key
| false
| 
|- 
| [[#CredentialStore_password|CredentialStore_password]]
| Password for CS
| false
| 
|- 
| [[#CredentialStore_AuthenticationMethod|CredentialStore_AuthenticationMethod]]
| Authentication Method for the CS
| true
| privatekey
|- 
| [[#CredentialStore_StoreType|CredentialStore_StoreType]]
| The Type of the credential store application
| false
| KeePass
|- 
| [[#CredentialStore_KeyPath|CredentialStore_KeyPath]]
| Path and Key for the credentials
| true
| 
|- 
| [[#CredentialStore_FileName|CredentialStore_FileName]]
| Name of Credential Database
| true
| 
|- 
| [[#use_credential_Store|use_credential_Store]]
| use credential store for authentication
| false
| false
|}


====Parameter <span id="CredentialStore_ProcessNotesParams">CredentialStore_ProcessNotesParams</span>: Process additional parameters from "notes" field====
----
Extra parameters, such as a DB connection string or a proxy server IP, can be defined in the "notes" field of the CS database. These parameters are processed together with the parameters defined in the settings file and the JITL parameters. Important: if a parameter with the same name is also defined in the "notes" field, the parameter value in "notes" has priority.
<source lang="bash">
-dburl=test -verbose=2 -password=12345
</source>

The "notes" property of KeePass can be used to store extra parameters, i.e. options such as a DB connection string, proxy server settings etc.
Data-Type : SOSOptionBoolean
The default value for this parameter is '''false'''.
Use together with parameter:

Alias: CS_ProcessNotesParams

====Parameter <span id="CredentialStore_OverwriteExportedFile">CredentialStore_OverwriteExportedFile</span>: CredentialStore_OverwriteExportedFile====
----
At runtime JADE can export the file stored in the attachment field of the CS DB to the local file system, for example when the attached file is an SSH key that JADE wants to use for a data exchange operation. Usually, if JADE wants to use an SSH key stored in the CS as an attachment, it has to export the attached file into a predefined directory, i.e. $HOME/.ssh. Important: to avoid any unwanted overwriting of an existing file in the $HOME/.ssh folder, set this parameter to "false".
Data-Type : SOSOptionBoolean
The default value for this parameter is true.
Use together with parameter:

Alias: CS_OverwriteExportedFile

====Parameter <span id="CredentialStore_Permissions4ExportedFile">CredentialStore_Permissions4ExportedFile</span>: CredentialStore_Permissions4ExportedFile====
----
At runtime JADE can export the file stored in the attachment field of the CS DB to the local file system, for example when the attached file is an SSH key that JADE wants to use for a data exchange operation. Usually, if JADE wants to use an SSH key stored in the CS as an attachment, it has to export the attached file into a predefined directory, i.e. $HOME/.ssh, and the key file should have specific permissions. The "application user" calling JADE may have a different set of applications. Important: to avoid any file permission issue at runtime, set the required file permissions using this parameter.
<source lang="bash">
-CredentialStore_Permissions4ExportedFile="600"
</source>

Data-Type : SOSOptionString
The default value for this parameter is 600.
Use together with parameter:

Alias: CS_Permissions4ExportedFile

====Parameter <span id="CredentialStore_DeleteExportedFileOnExit">CredentialStore_DeleteExportedFileOnExit</span>: Delete Attachment On Exit of Application====
----
At runtime JADE exports the attached file to the local file system. Once the operation is completed, irrespective of its status (successful or unsuccessful), JADE deletes this file by default. Important: in special cases, i.e. for debugging or any other reason, if you do not want JADE to delete the file, set this parameter to FALSE.
Data-Type : SOSOptionBoolean
The default value for this parameter is true.
Use together with parameter:

Alias: CS_DeleteExportedFileOnExit

====Parameter <span id="CredentialStore_ExportAttachment">CredentialStore_ExportAttachment</span>: Export attached file to disc====
----
If JADE needs a file that is stored in the CS DB as an attachment, it can export the file to the local file system at runtime. By default JADE does not export the attached file. Important: if JADE needs the "attachment" file at runtime, set this parameter to TRUE.
Data-Type : SOSOptionBoolean
The default value for this parameter is false.
Alias: CS_ExportAttachment

====Parameter <span id="CredentialStore_ExportAttachment2FileName">CredentialStore_ExportAttachment2FileName</span>: Name of the extracted attachment file====
----
To use a file stored in the CS as an attachment during an operation, JADE has to export the attached file to the local file system. Use this parameter to define the name of the exported file on the local file system.
<source lang="bash">
-CredentialStore_ExportAttachment2FileName="archive_server_ras.ppk"
</source>

Data-Type : SOSOptionOutFileName
Use together with parameter:

Alias: CS_ExportAttachment2FileName

====Parameter <span id="CredentialStore_KeyFileName">CredentialStore_KeyFileName</span>: Name of the File containing the private Key====
----
The credential store can be accessed by JADE using a private key, a password, or a combination of both. Define the path/location of the SSH key file using this parameter.
<source lang="bash">
-CredentialStore_KeyFileName="jade_cs_rsa.ppk"
</source>

Data-Type : SOSOptionInFileName
Use together with parameter:

Alias: CS_KeyFileName

====Parameter <span id="CredentialStore_password">CredentialStore_password</span>: Password for CS====
----
The credential store can be accessed by JADE using a private key, a password, or a combination of both. Define the access password of the CS using this parameter. Important: always set a strong password for the CS.
<source lang="bash">
-CredentialStore_password="55ybr293N!2BButnY4,w"
</source>

Data-Type : SOSOptionPassword
Use together with parameter:

Alias: CS_password

====Parameter <span id="CredentialStore_AuthenticationMethod">CredentialStore_AuthenticationMethod</span>: Authentication Method for the CS====
----
There are three possible combinations of authentication methods.
<source lang="bash">
-CredentialStoreAuthenticationMethod="password"
#              --- OR ---
-CredentialStoreAuthenticationMethod="privatekey"
#              --- OR ---
-CredentialStoreAuthenticationMethod="password+privatekey"
</source>

Data-Type : SOSOptionString
The default value for this parameter is '''privatekey'''.
Use together with parameter:
* [[#use_credential_Store|use_credential_Store]] - use credential store for authentication

This parameter is mandatory.
Alias: CS_AuthenticationMethod

====Parameter <span id="CredentialStore_StoreType">CredentialStore_StoreType</span>: The Type of the credential store application====
----
At present only "KeePass" is supported as CS DB, and "KeePass" is the only permitted parameter value.
Data-Type : SOSOptionString
The default value for this parameter is '''KeePass'''.
Use together with parameter:
* [[#use_credential_Store|use_credential_Store]] - use credential store for authentication

Alias: CS_StoreType

====Parameter <span id="CredentialStore_KeyPath">CredentialStore_KeyPath</span>: Path and Key for the credentials====
----
This option specifies the path of the access key for the entry which has to be used for the credentials.
The credential store can be accessed by JADE using a private key, a password, or a combination of both. Define the path/location of the SSH key file using this parameter.
<source lang="bash">
-CredentialStore_KeyFileName="/ssh/server1/sap-upload"
</source>

Data-Type : SOSOptionString
Use together with parameter:

This parameter is mandatory.
Alias: CS_KeyPath

====Parameter <span id="CredentialStore_FileName">CredentialStore_FileName</span>: Name of Credential Database====
----
The path and name of the KeePass or KeePassX DB file with the file extension ".kdb".

<source>
Command-Line :  jade.sh -CredentialStoreFileName="/etc/keystore/sap_jade.kdb"
JADE profile :  CredentialStoreFileName = /etc/keystore/sap_jade.kdb
Java API     :  CSOptions.CredentialStoreFileName.Value("/etc/keystore/sap_jade.kdb");
</source>

Data-Type : SOSOptionInFileName
Use together with parameter:

This parameter is mandatory.
Alias: CS_FileName

====Parameter <span id="use_credential_Store">use_credential_Store</span>: use credential store for authentication====
----
If you want to store your access data, i.e. user ID, password, SSH key or DB URL, in the encrypted CS DB, enable this parameter and configure the rest of the CS accordingly. By default JADE looks for the parameters in settings.ini, on the command line, or in the JITL job.
Data-Type : SOSOptionBoolean
The default value for this parameter is false.
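
A profile check for the export parameters described above, as an added example that is not part of the JADE documentation or code base: it reads a jade_setting.ini, merges the sections named by `include`, and reports settings that depart from the recommendations on this page. The sample profile is constructed, and the `include` handling (comma-separated names, the profile's own keys win) is an assumption.

```python
import configparser
# Defaults copied from the parameter table on this page (keys lower-cased).
DEFAULTS = {
    "use_credential_store": "false",
    "credentialstore_exportattachment": "false",
    "credentialstore_overwriteexportedfile": "true",
    "credentialstore_deleteexportedfileonexit": "true",
    "credentialstore_permissions4exportedfile": "600",
}

# Constructed sample profile, modelled on the jade_setting.ini example.
SAMPLE_INI = r"""
[Keepass_DataBase_WithPassword]
use_credential_Store     = true
CredentialStore_FileName = /etc/keystore/sap_jade.kdb
CredentialStore_KeyPath  = sos/server/homer.sos
CredentialStore_password = testing

[ReceiveUsingKeePass]
include                                  = Keepass_DataBase_WithPassword
CredentialStore_ExportAttachment         = true
CredentialStore_Permissions4ExportedFile = 644
CredentialStore_DeleteExportedFileOnExit = false
"""

def effective(cfg, name, seen=()):
    """Options of one profile; included sections are merged first (assumed order)."""
    if name in seen or not cfg.has_section(name):
        return {}
    opts = {}
    for inc in cfg.get(name, "include", fallback="").split(","):
        if inc.strip():
            opts.update(effective(cfg, inc.strip(), seen + (name,)))
    opts.update(cfg.items(name))  # the profile's own keys override included ones
    return opts

def audit(ini_text, profile):
    """Return (parameter, finding) pairs for one profile."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    o = {**DEFAULTS, **effective(cfg, profile)}
    on = lambda key: o[key].strip().lower() == "true"
    found = []
    if not on("use_credential_store"):
        return found
    if o.get("credentialstore_password"):
        found.append(("CredentialStore_password", "CS password is readable in the profile file"))
    if on("credentialstore_exportattachment"):
        if on("credentialstore_overwriteexportedfile"):
            found.append(("CredentialStore_OverwriteExportedFile", "export may overwrite an existing file"))
        if not on("credentialstore_deleteexportedfileonexit"):
            found.append(("CredentialStore_DeleteExportedFileOnExit", "exported file stays on disk after the run"))
        perm = o["credentialstore_permissions4exportedfile"].strip().strip('"')
        if not perm.isdigit() or any(c in "89" for c in perm) or int(perm, 8) & 0o077:
            found.append(("CredentialStore_Permissions4ExportedFile", "exported file is accessible beyond its owner"))
    return found

if __name__ == "__main__":
    print(*audit(SAMPLE_INI, "ReceiveUsingKeePass"), sep="\n")
```

Parameters taken from the KeePass "notes" field have priority over the profile when CredentialStore_ProcessNotesParams is enabled, so this check covers only what the profile file itself declares.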
