...

A number of JITL Job Templates require credentials, e.g. to access a database.

Security Considerations
- Sensitive information in jobs should not be hard-coded, should not be used from parameters and should not be disclosed, e.g. written to log files.
- Instead, a run-time interface is offered that allows to retrieve sensitive information from a Credential Store. References to Credential Store entries can safely be stored specified with parameter argument values.
Credential Store
- A credential store allows the secure storage and retrieval of to securely store and retrieve credentials for authentication, as well as connection details and other parameters, for a detailed features and supported products see
- See JS7 - Use of Credential Store with Shell Jobs
- See YADE Credential Store.
Solution Outline
- Access to the Credential Store is automatically provided for JS7 - Job Templates.

...

file - required
- the path to the Credential Store file. This file can be located anywhere in the file system.
password - optional
- the password for access to the Credential Store file.
- It is recommended not to use this parameter and instead to use a key_file to access the Credential Store.
key_file - optional, default: the path and name of the Credential Store file using the extension .key, for example, by default ./config/jobs.key is assumed if the Credential Store file ./config/jobs.kdbx is specified.

...

The full syntax is used when the complete URI is specified with an argument:

Name	Purpose	Example
`db_url`	JDBC connection string	`cs://jobs/oracle/minos.sos@url?file=./config/jobs.kdbx`
`db_user`	User name for database access	`cs://jobs/oracle/minos.sos@user?file=./config/jobs.kdbx`
`db_password`	Password for database access	`cs://jobs/oracle/minos.sos@password?file=./config/jobs.kdbx`

Explanation:

The jobs/oracle/minos.sos value is an example for a path to an entry in the KeePass database that holds the credentials.
The ./config/jobs.kdbx value is an example for a relative path to the KeePass database that holds the Credential Store.

...

The short syntax can be used if arguments are specified with references to the Credential Store location:

Name	Required	Purpose	Example
`db_url`	yes	JDBC connection string	`cs://jobs/oracle/minos.sos@url`
`db_user`	yes	User name for database access	`cs://jobs/oracle/minos.sos@user`
`db_password`	yes	Password for database access	`cs://jobs/oracle/minos.sos@password`
`credential_store_file`	yes	Location of

a

the Credential Store database file (*.kdbx)	`./config/jobs.kdbx`
`credential_store_key`	no	Location of

a

the Credential Store key file (*.key)	`./config/jobs.key`
`credential_store_password`	no	Password of the Credential Store

file

	`secret`
`credential_store_entry_path`	no	Folder hierarchy and entry name in the

Credentials Store file

Credential Store

/jobs/oracle

Use with JITL SAP Jobs

Status

colour	Yellow
title	TODO

...

Space shortcuts