The "Password Safe" (CS, Credential Store) offers the possibility to store encrypted connection data and any other data securely and independently of the application (i.e. JADE). Access to the CS is only possible with an access method such as an SSH key or a password.
Currently CS uses "KeePass" and "KeePassX" with the db version 1.0, so CS can be used on the most popular OS platforms.
The advantage of using CS is that it stores access credentials (and also other information/parameters) in a standardized, secure and encrypted database, i.e. KeePass. JADE accesses the CS database through a standard interface. The CS database can only be accessed using a password, an encryption-key file (ppk) or a combination of both. The CS password is also used to encrypt the contents stored in the CS database with AES.
CS can also be used to securely store information/parameters alongside the password: database connection URL, runtime decryption key and other access data.
The following information can be retrieved from the CS's standard fields:

Feature: UserID
: The user identification of the user who is authorized for the operation.

Feature: Password
: Assigned password for the user.

Feature: Server-Name
: Target Server-Name or IP-address

Feature: Notes
: In the "notes" section of the CS other parameters/options can be stored, e.g. extra JADE parameters, database connection URL etc. The extra options are defined in the same way as on the command line.

Feature: File-Attachment
: Any file, such as a PGP file or an SSH private key file, can be stored in the CS as a file attachment. The application retrieves the attached file at run time and deletes the file "immediately" once the operation is finished.

Example of JADE Profile using Credential Store: jade_setting.ini

<source>
    [Keepass_DataBase_WithPassword]
    use_credential_Store     = true
    CredentialStore_FileName = R:\backup\sos\java\development\com.sos.VirtualFileSystem\keepassX-test.kdb
    CredentialStore_KeyPath  = sos/server/homer.sos
    CredentialStore_password = testing
</source>

<source>
    [ReceiveUsingKeePass]
    include                        = Keepass_DataBase_WithPassword
    source_CredentialStore_KeyPath = sos/server/homer.sos
    source_include                 = Keepass_DataBase_WithPassword
    source_Dir                     = /tmp/test/jade/out
    source_make_Dirs               = true
    source_loadClassName           = com.sos.VirtualFileSystem.FTP.SOSVfsFtp2
    target_protocol                = local
    target_dir                     = /tmp/test/jade/in
    operation                      = copy
    file_spec                      = \.txt$
    transfer_mode                  = ascii
    source_transfer_mode           = ascii
    loadClassName                  = com.sos.VirtualFileSystem.FTP.SOSVfsFtp2
</source>

===Parameter used by SOSCredentialStore===

{| border="1"
|+ List of parameters
! Name !! title !! mandatory !! default
|- 
| [[#CredentialStore_ProcessNotesParams|CredentialStore_ProcessNotesParams]]
| Process additional parameters from "notes" field
| false
| false
|- 
| [[#CredentialStore_OverwriteExportedFile|CredentialStore_OverwriteExportedFile]]
| CredentialStore_OverwriteExportedFile
| false
| true
|- 
| [[#CredentialStore_Permissions4ExportedFile|CredentialStore_Permissions4ExportedFile]]
| CredentialStore_Permissions4ExportedFile
| false
| 600
|- 
| [[#CredentialStore_DeleteExportedFileOnExit|CredentialStore_DeleteExportedFileOnExit]]
| Delete Attachment On Exit of Application
| false
| true
|- 
| [[#CredentialStore_ExportAttachment|CredentialStore_ExportAttachment]]
| Export attached file to disc
| false
| false
|- 
| [[#CredentialStore_ExportAttachment2FileName|CredentialStore_ExportAttachment2FileName]]
| Name of the extracted attachment file
| false
| 
|- 
| [[#CredentialStore_KeyFileName|CredentialStore_KeyFileName]]
| Name of the File containing the private Key
| false
| 
|- 
| [[#CredentialStore_password|CredentialStore_password]]
| Password for CS
| false
| 
|- 
| [[#CredentialStore_AuthenticationMethod|CredentialStore_AuthenticationMethod]]
| Authentication Method for the CS
| true
| privatekey
|- 
| [[#CredentialStore_StoreType|CredentialStore_StoreType]]
| The type of the credential store application
| false
| KeePass
|- 
| [[#CredentialStore_KeyPath|CredentialStore_KeyPath]]
| Path and Key for the credentials
| true
| 
|- 
| [[#CredentialStore_FileName|CredentialStore_FileName]]
| Name of Credential Database
| true
| 
|- 
| [[#use_credential_Store|use_credential_Store]]
| use credential store for authentication
| false
| false
|}
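
The File-Attachment feature and the CredentialStore_ExportAttachment, CredentialStore_Permissions4ExportedFile, CredentialStore_OverwriteExportedFile and CredentialStore_DeleteExportedFileOnExit parameters describe a key file that exists on disk only for the duration of a transfer. The following is an added example, not JADE's own code, of how such an export can be done on a POSIX system so the file is never readable by other users; the function names, the file name and the sample bytes are hypothetical, and the parameter semantics are assumed from the table's titles and defaults.

```python
import atexit
import os
import stat
import tempfile


def remove_quietly(path):
    """Delete the exported file; return True if something was removed."""
    try:
        os.unlink(path)
        return True
    except FileNotFoundError:
        return False


def export_attachment(data, path, permissions="600", overwrite=True,
                      delete_on_exit=True):
    """Write attachment bytes to path with the configured mode (POSIX only)."""
    mode = int(permissions, 8)        # "600" in the settings is read as octal
    if os.path.lexists(path):
        if not overwrite:
            raise FileExistsError(path)
        os.unlink(path)               # drop the old file or symlink, never write through it
    # O_EXCL makes the open fail if something reappears at path in between,
    # and the mode is applied at creation, so the file is never wider than asked.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fh.fileno(), mode)  # pin the exact mode regardless of umask
        fh.write(data)
    if delete_on_exit:
        atexit.register(remove_quietly, path)   # assumed meaning of DeleteExportedFileOnExit
    return path


def file_mode(path):
    """Permission bits of path as an integer, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    workdir = tempfile.mkdtemp(prefix="cs-export-")
    key_path = os.path.join(workdir, "exported_key")   # hypothetical file name
    export_attachment(b"CONSTRUCTED SAMPLE, NOT A REAL KEY\n", key_path)
    print(key_path, oct(file_mode(key_path)))
```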


====Parameter <span id="CredentialStore_ProcessNotesParams">CredentialStore_ProcessNotesParams</span>: Process additional parameters from "notes" field====
----
In the "notes" field of the CS database extra parameters such as a DB connection string, proxy server IP etc. can be defined. These parameters are processed together with the other parameters defined in the settings file and the JITL parameters. Important: if a parameter with the same name is defined in the "notes" section, the parameter value in "notes" has priority.
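
The precedence rule above, as an added example that is not JADE's own code: it parses the page's notes string `-dburl=test -verbose=2 -password=12345-2`, merges it over settings-file values, and reports which settings the notes entry replaced, since a notes value silently wins over a configured one. The settings values and function names are constructed for illustration, and matching parameter names exactly (case-sensitive) is an assumption.

```python
import shlex


def parse_notes(notes):
    """Parse command-line style options ("-name=value ...") from a notes field."""
    params = {}
    for token in shlex.split(notes):
        if not token.startswith("-") or "=" not in token:
            raise ValueError(f"not a -name=value option: {token!r}")
        name, value = token.lstrip("-").split("=", 1)
        params[name] = value
    return params


def merge_with_notes(settings, notes, process_notes=False):
    """Return (effective parameters, names whose settings value was replaced).

    process_notes mirrors CredentialStore_ProcessNotesParams (default false):
    when it is off, the notes field is ignored entirely.
    """
    effective = dict(settings)
    if not process_notes:
        return effective, []
    notes_params = parse_notes(notes)
    overridden = sorted(
        name for name, value in notes_params.items()
        if name in settings and settings[name] != value
    )
    effective.update(notes_params)    # notes have priority on a name clash
    return effective, overridden


# Constructed settings-file values; NOTES is the example string from this page.
SETTINGS = {"verbose": "1", "password": "from-settings-file", "operation": "copy"}
NOTES = "-dburl=test -verbose=2 -password=12345-2"

if __name__ == "__main__":
    effective, overridden = merge_with_notes(SETTINGS, NOTES, process_notes=True)
    print("effective parameter names:", sorted(effective))
    print("replaced by notes:", overridden)   # log names only, never the values
```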
{code:language=bash}
                                -dburl=test -verbose=2 -password=12345-2

<source>
                            

...