Page History
...
A number of JITL Job Templates require credentials, e.g. to access a database.
- Security Considerations
- Sensitive information in jobs should not be hard-coded, should not be used from parameters and should not be disclosed, e.g. written to log files.
- Instead, a run-time interface is offered that allows to retrieve sensitive information from a Credential Store. References to Credential Store entries can safely be stored specified with parameter argument values.
- Credential Store
- A credential store allows the secure storage and retrieval of to securely store and retrieve credentials for authentication, as well as connection details and other parameters, for a detailed features and supported products see
- See JS7 - Use of Credential Store with Shell Jobs
- See YADE Credential Store.
- Solution Outline
- Access to the Credential Store is automatically provided for JS7 - Job Templates.
...
file
- required- the path to the Credential Store file. This file can be located anywhere in the file system.
password
- optionalthe password for access to the Credential Store file.
It is recommended not to use this parameter and instead to use a
key_file
to access the Credential Store.
key_file
- optional, default: the path and name of the Credential Store file using the extension .key, for example, by default./config/jobs.key
is assumed if the Credential Store file ./config/jobs.kdbx
is specified.
...
The full syntax is used when the complete URI is specified with an argument:
Name | Purpose | Example |
---|---|---|
| JDBC connection string |
|
| User name for database access | cs://jobs/oracle/minos.sos@user?file=./config/jobs.kdbx |
| Password for database access |
|
Explanation:
- The
jobs/oracle/minos.sos
value is an example for a path to an entry in the KeePass database that holds the credentials. - The
./config/jobs.kdbx
value is an example for a relative path to the KeePass database that holds the Credential Store.
...
The short syntax can be used if arguments are specified with references to the Credential Store location:
Name | Required | Purpose | Example |
---|---|---|---|
| yes | JDBC connection string |
|
| yes | User name for database access | cs://jobs/oracle/minos.sos@user |
| yes | Password for database access | cs://jobs/oracle/minos.sos@password |
credential_store_file | yes | Location of |
the Credential Store database file (*.kdbx) | ./config/jobs.kdbx | |
credential_store_key | no | Location of |
the Credential Store key file (*.key) | ./config/jobs.key | |
credential_store_password | no | Password of the Credential Store |
secret | ||
credential_store_entry_path | no | Folder hierarchy and entry name in the |
Credential Store | /jobs/oracle |
Use with JITL SAP Jobs
Status | ||||
---|---|---|---|---|
|
...