
YADE Credential Store

More information about the Credential Store: http://www.sos-berlin.com/mediawiki/index.php/Using_CredentialStore_to_securely_store_authentication,_connection_and_other_parameters

...

can be found in the following articles:

Setting up a Credential Store

Download

...

KeePass and create kdb file

...

  • YADE Credential Store (CS)

...

  • supports KeePassX DB version 1.

...

...

Set-up Credential Store with Password

Step 1: Setup KeePassX DB

  • Open the KeePassX utility and create new KeePass DB.
  • Choose password as Master Key
  • Assign password to KeePass DB and click OK

YADE will use the Master Key, i.e. the password specified during the creation process, as access password of the KeePassX database.


...

Set-up Credential Store with PPK key

  • Start KeePassX utility
  • Click on Key File as Master Key
  • Browse for pre-generated SSH key as Master Key
  • Click OK and KeePassX will open and will be ready to add new entries.


Create Credential Store entries

Create Credential Store entry for FTP server

KeePassX DB can organize entries in logical groups, using groups and sub-groups.
One can organize the Credential Store in groups, e.g. Internal-Server, External-Server etc. The user is free to choose his own organization scheme, for JADE it makes no difference.

  • Create new top group i.e. sos
  • Create new sub group i.e. server
  • Create new entry wilma.sos for settings
      • Title: Will be used as key in the hierarchy to access the credentials.
      • Username: Field is used to specify the username, i.e. FTP, SFTP user name
      • Password: Field is used to specify the password, user can use the KeePassX's password generation feature to specify strong passwords or can provide existing password.
      • Comment: Can contain extra parameters for YADE along with credentials, any YADE parameter can be specified in the comment section.
      • Expires: Expiry date is used to enforce a password and SSH key expiration policy. The user can define the expiration period, e.g. 90 days, or check option never. YADE will raise an error if a KeePassX DB entry is expired.
      • Attachment: Can contain private key file used for file transfer


    Create Credential Store entry for SFTP server


    ...

    YADE profiles with Credential Store

    ...

    Set-up global

    ...

    Credential Store profile


    Define a global profile containing all the parameters concerning the Credential Store. YADE can reuse any profile defined in the same jade_settings.ini file.
    It is recommended to create profile fragments and reuse them in profiles.
    Alternatively, a user can define multiple KeePassX DB files, e.g. Test, Integration, Production, and create corresponding profiles for the different environments.

    Set-up global Credential Store profile with password

    Code Block
     ; Global Profile for KeePassX Database With Password
     [Keepass_DataBase_WithPassword]
     use_credential_Store                = true
     CredentialStore_FileName            = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb
     CredentialStoreAuthenticationMethod = password
     CredentialStore_password            = ********* 
    
    


    Set-up global Credential Store profile with public key

    Code Block
     ; Global Profile for KeePassX Database With Public Key
     [Keepass_DataBase_WithPublicKey]
     use_credential_Store                = true
     CredentialStore_FileName            = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb
     CredentialStoreAuthenticationMethod = privatekey
     CredentialStore_KeyFileName         = C:\sos-berlin.com\jade\config\jade_cs_rsa.ppk
    

    Set-up YADE profile for FTP

    In this example we are including Credential Store settings from a global KeePassX database profile Keepass_DataBase_WithPassword.
    YADE will then open the KeePassX DB and refer to the entry sos/server/wilma.sos that has previously been defined in the KeePassX DB:

    source_CredentialStore_KeyPath: YADE will refer to the entry from KeePassX DB.

    source_include: include Credential Store settings.

    Code Block
     [ReceiveUsingKeePass]
     source_CredentialStore_KeyPath = sos/server/wilma.sos
     source_include                 = Keepass_DataBase_WithPassword
     source_dir                     = /tmp/test/jade/out
     source_make_dirs               = true
     source_transfer_mode           = ascii
     target_protocol                = local
     target_dir                     = ${TEMP}/jade/in
     operation                      = copy
     file_spec                      = \.txt$
     transfer_mode                  = ascii
    
    

    ...

    Set-up YADE profile for SFTP

    Code Block
     [ReceiveUsingKeePassSourceSFTP]
     operation                      = copy
     file_spec                      = \.txt$
     ;;
     source_include                 = Keepass_DataBase_WithPassword
     source_CredentialStore_KeyPath = sos/server/8of9.sftp.sos
     source_dir                     = /tmp/test/jade/out
     source_protocol                = SFTP
     source_ssh_auth_method         = password
     ;;
     target_protocol                = local
     target_dir                     = ${TEMP}/jade/in
    

    Example for Server-to-Server File Transfer profile using Credential Store

    A profile definition for Server-to-Server File Transfer, from an FTP to an SFTP server:

    Code Block
     [transfer_server_2_server]
     include                        = Keepass_DataBase_WithPassword
     file_spec                      = ^.*\.txt$
     operation                      = copy
     source_CredentialStore_KeyPath = sos/server/wilma.sos
     source_dir                     = /tmp/test/jade/out
     target_CredentialStore_KeyPath = sos/server/8of9.sos
     target_dir                     = ${TEMP}/jade/in
    

    In this example all files with the file name extension ".txt" should be transferred from the server "wilma" via FTP to the server 8of9 by SFTP. The folders are not explicitly specified and therefore the "home" folders of the user are selected.

    ...

    To start this from the command line you would type:

    Code Block
     jade.sh -settings=name_of_settings_file -profile=transfer_server_2_server
    

    Profile fragments SFTP with Public Key

    To make the profile more reusable and more readable it is possible to reuse profile snippets like this:

    Status: TODO

    Code Block
    
     [wilma]
     user=kb
     password=*****
     ssh_auth_method=password
     host=wilma.sos
     protocol=sftp
     port=22
    
     [8of9]
     user=test
     password=*****
     host=8of9.sos
     protocol=ftp
     port=21
    
     [globals]
     log_filename=${TEMP}/sosftphistory.log
    

    The profiles for wilma and 8of9 are defined only once. They can be used as many times as needed in different transfer profiles. There is a "globals" profile as well.

    Define Profiles using the include directive TBD

    Now we will specify the transfer profile again:

    Code Block
    
     [ftp_server_2_server]
     source_include=wilma
     target_include=8of9
     operation=copy
     file_spec=^.*\.txt$
       
     [ftp_more]
     target_include=wilma
     source_include=8of9
     operation=move
     file_spec=^.*\.(txt|pdf|dat)$
     source_folder=/outbound/daily
     target_folder=/inbound/transfer
    

    The "include" parameter will include the named profiles in the order they are defined. In the first example wilma will be included as source and in the second example as target. The "globals" profile is included automatically, so there is no need to specify it in an include parameter.
    The profiles must be defined in the same settings file.
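
    An added example, not part of the original page and not YADE code: a small Python audit that flattens a profile by following its include directives and reports which secrets the settings file itself still holds. The settings text is constructed in the page's format; the rule that a profile's own keys override included ones, the handling of one profile name per include, and the omission of the automatic "globals" include are assumptions of this sketch.

```python
import configparser

# Constructed settings file in the page's format; all values are placeholders.
SAMPLE = r"""
[Keepass_DataBase_WithPassword]
use_credential_Store                = true
CredentialStore_FileName            = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb
CredentialStoreAuthenticationMethod = password
CredentialStore_password            = *********
[wilma]
user=kb
password=*****
host=wilma.sos
[ReceiveUsingKeePass]
source_CredentialStore_KeyPath = sos/server/wilma.sos
source_include                 = Keepass_DataBase_WithPassword
operation                      = copy
[ftp_more]
target_include=wilma
operation=move
"""

def load(text):
    # strict=False tolerates duplicate keys; interpolation=None keeps ${TEMP} literal.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def resolve(cp, profile, seen=()):
    """Flatten a profile by expanding include / source_include / target_include."""
    if profile in seen or not cp.has_section(profile):
        raise ValueError(f"bad include: {profile}")   # cycle or missing profile
    flat = {}
    for key, value in cp[profile].items():            # configparser lower-cases keys
        if key.endswith("include"):
            prefix = key[: -len("include")]           # "", "source_" or "target_"
            included = resolve(cp, value.strip(), seen + (profile,))
            for k, v in included.items():
                flat.setdefault(prefix + k, v)        # assumption: own keys win
        else:
            flat[key] = value
    return flat

def audit(cp, profile):
    """Return (key, kind) for every secret the settings file itself still holds."""
    findings = []
    for key, value in sorted(resolve(cp, profile).items()):
        if key.endswith("password") and value:
            kind = "master password" if "credentialstore" in key else "inline password"
            findings.append((key, kind))
    return findings
```

    For the sample, ReceiveUsingKeePass keeps server credentials out of the file but still inherits the KeePassX master password from the global profile, while ftp_more inherits an inline password from the wilma fragment.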

    ...

     [ReceiveUsingKeePass]
     source_include                                     = Keepass_DataBase_WithPassword
     source_CredentialStore_KeyPath                     = keepass_homer_sftp_key
     source_dir                                         = /tmp/test/jade/out
     source_protocol                                    = sftp
     ; export the key file attached to the KeePassX entry and use it for public key authentication
     source_CredentialStore_ExportAttachment            = true
     source_CredentialStore_ExportAttachment2FileName   = c:\temp\8of9-sos.ppk
     source_ssh_auth_method                             = publickey
     source_ssh_auth_file                               = c:\temp\8of9-sos.ppk
     source_make_Dirs                                   = true
     source_transfer_mode                               = ascii
     target_protocol                                    = local
     target_dir                                         = ${TEMP}/jade/in
     operation                                          = copy
     file_spec                                          = \.txt$
     transfer_mode                                      = ascii

    Profile fragments SFTP with Public Key

    To make the profile reusable and more readable it is possible to reuse profile snippets like this:

    Status: TODO

    Code Block

    See also