| Table of Contents | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
YADE Credential Store
See more More information about the Credential Store here http://www.sos-berlin.com/mediawiki/index.php/Using_CredentialStore_to_securely_store_authentication,_connection_and_other_parameters
...
can be found in the following articles:
- YADE Credential Store
- Using Credential Store to securely store authentication, connection and other parameters
Setting up a Credential Store
Download
...
KeePass and create kdb file
...
- YADE Credential Store (CS)
...
- supports KeePassX DB version 1
...
- .x and 2.x
- You can download the Windows KeePass desktop utility from https://keepass.info/download.html
- You can download the KeePassX desktop utility from https://www.keepassx.org/downloads/
...
Set-up Credential Store with Password
Step 1: Setup KeePassX DB
- Open the KeePassX utility
- Choose Password password as Master Key
- Assign password to KeePass DB and click OK
JADE YADE will use the Master key Key, i.e. "the password " give specified during the creation process as access password of the KeePassX DBdatabase.
...
Set-up Credential Store with PPK key
- Start KeePassX utility
- Click on Key File as Master keyKey
- Browse for pre-generated ssh SSH key as Master keyKey
- Click Ok ok and KeePassX will open and will be ready to add new entries.
Create Credential Store entries
Create Credential Store entry for FTP server
KeePassX DB can organize entries in logical groups, using under groups and sub-groups.
One can organize Credential Store in groups i, e.eg. Internal-Server, External-Server etc, user . User is free to choose there his own organization scheme, for JADE it's make no difference.
- Create new top group i.e.
sos - create Create new sub group i.e.
server - create Create new entry wilm
wilma.sosfor settings- Title : Will be used as
- key in the hierarchy to access the credentials.
- Username
- : Field is used to specify the username
- , i.e.
- FTP, SFTP user name
- Password : Field
- is used to specify the password, user can use the
- KeePassX's password generation
- feature to specify strong passwords
- or can provide existing password.
- Comment : Can contain extra parameters for
- YADE along with credentials,
- any
- YADE parameter can be specified in
- the comment section.
- Expires : Expiry date is used to enforce a password and SSH key expiration policy. The user can define the expirarion period, e.g. 90 days, or check option
-
never. YADE will raise an error if a KeePassX DB entry is
- expired.
- Attachment
- : Can contain private key file used
- for file transfer
Create Credential Store entry for SFTP server
...
YADE profiles with Credential Store
...
Set-up global
...
Credential Store profile
Define an a global profile having containing all the parameters concerning Credential storeStore. JADE YADE can reuse any profile defined in same jade_settings.ini file.
It 's is recommended to create such profile fragments and reuse them in prfilesprofiles.
Other side User Alternatively a user can define multiple KeePassX DB 's i.efiles, e.g. Test, Integration, Production, and create corresponding profiles for the different environmentenvironments.
...
Set-up global
...
Credential Store profile with
...
password
| Code Block |
|---|
; Global Profile for KeePassX Database WithPassword [Keepass_DataBase_WithPassword] use_credential_Store = true CredentialStore_FileName = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb CredentialStoreAuthenticationMethod = password CredentialStore_password = ********* |
...
Set-up global
...
Credential Store profile with
...
public key
| Code Block |
|---|
; Global Profile for KeePassX Database With Public Key [Keepass_DataBase_WithPublicKey] use_credential_Store = true CredentialStore_FileName = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb CredentialStoreAuthenticationMethod = privatekey CredentialStore_KeyFileName = C:\sos-berlin.com\jade\config\jade_cs_rsa.ppk |
...
Set-up YADE profile for FTP
In this example we are including Credential store Store settings from a global KeePassX database profile Keepass_DataBase_WithPassword .
JADE YADE then will open the KeePassX DB and refer to the entry sos/server/wilma.sos , we have already defined this settings that has previously been defined in the KeePassX DBhttp://www.sos-berlin.com/mediawiki/index.php/Setting_up_%27%27JADE%27%27_with_Credential_Store#Create_Credential_Store_entry_for_FTP_server .
source_CredentialStore_KeyPath: JADE YADE will refer to the entry from KeePassX DB.
source_include: include Credential Store settings.
| Code Block |
|---|
[ReceiveUsingKeePass] source_include = Keepass_DataBase_WithPassword source_CredentialStore_KeyPath = sos/server/wilma8of9.sos source_dir = /tmp/test/jade/out source_make_dirs = true source_transfer_mode = ascii target_protocol = local target_dir = $\{TEMP\}/jade/in operation = copy file_spec = \.txt$ transfer_mode = ascii |
...
Set-up YADE profile for SFTP
| Code Block |
|---|
[ReceiveUsingKeePassReceiveUsingKeePassSourceSFTP] source_CredentialStore_KeyPath = sos/server/8of9.sos source_includeoperation = Keepass_DataBase_WithPasswordcopy sourcefile_dirspec = /tmp/test/jade/out\.txt$ ;; source_make_Dirsinclude = trueKeepass_DataBase_WithPassword source_transfer_mode = ascii target_protocol = local target_CredentialStore_KeyPath = sos/server/8of9.sftp.sos source_dir = $\{TEMP\}/tmp/test/jade/inout operationsource_protocol = SFTP source_ssh_auth_method = copy file_spec = password ;; target_protocol = \.txt$local transfer_modetarget_dir = ascii${TEMP}/jade/in |
...
Example for Server-to-Server File Transfer
...
profile using Credential
...
Store
A profile definition for Server-to-Server transferFile Transfer, from a ftp to a sftp an FTP to na SFTP server:
| Code Block |
|---|
[transfer_server_2_server] include = Keepass_DataBase_WithPassword file_spec = ^.*\.txt$ operation = copy source_CredentialStore_KeyPath = sos/server/wilma.sos source_dir = /tmp/test/jade/out target_CredentialStore_KeyPath = sos/server/8of9.sos target_dir = $\{TEMP\}/jade/in |
In this example all files with the file name extension ".txt" should be transferred from the server "wilma" via ftp FTP to the server 8of9 by sftpSFTP.
To start this with from the command line client one must you would type:
| Code Block | ||
|---|---|---|
| ||
jade.sh -settings=name_of_settings_file -profile=transfer_server_2_server
|
Profile fragments SFTP with Public Key
...
To make the profile more reusable and more readable it is possible to reuse profiles snippets in the way like this:
| Status | ||||
|---|---|---|---|---|
|
| Code Block |
|---|
[ReceiveUsingKeePass]
source_include = Keepass_DataBase_WithPassword
source_source_CredentialStore_KeyPath = keepass_homer_sftp_key
source_dir = /tmp/test/jade/out
source_protocol = sftp
source_CredentialStore_ExportAttachment = true
source_CredentialStore_ExportAttachment2FileName = c:\temp\8of9-sos.ppk
source_ssh_auth_method = publickey
source_ssh_auth_file = c:\temp\8of9-sos.ppk
source_make_Dirs = true
source_transfer_mode = ascii
target_protocol = local
target_dir = ${TEMP}/jade/in
operation = copy
file_spec = \.txt$
transfer_mode = ascii |
Profile fragments SFTP with Public Key
...
To make the profile more reusable and more readable it is possible to reuse profiles snippets in the way like this:
| Status | ||||
|---|---|---|---|---|
|
| Code Block |
|---|
See also
...
- Using Credential Store to securely store authentication, connection and other parameters]
- For information about the YADE parameters see
...