h1. JADE Credential Store
For more information about the Credential Store, see http://www.sos-berlin.com/mediawiki/index.php/Using_CredentialStore_to_securely_store_authentication,_connection_and_other_parameters
Setup KeePassX DB as Credential Store
Download KeePassX and create kdb file
The JADE Credential Store (CS) only supports KeePassX DB version 1.0.
The KeePassX desktop utility can be downloaded from https://www.keepassx.org/downloads/
Setup Credential Store with Password
Step 1: Setup KeePassX DB
- Open the KeePassX utility
- Choose Password as Master Key
- Assign password to KeePass DB and click OK
JADE will use the Master key, i.e. the password given during the creation process, as the access password for the KeePassX DB.
Setup Credential Store with PPK key
- Start KeePassX utility
- Click on Key File as Master key
- Browse for the pre-generated SSH key to use as Master key
- Click OK; KeePassX will open and be ready for new entries to be added.
Create Credential Store entries
Create Credential Store entry for FTP server
A KeePassX DB can organize entries logically, using groups and sub-groups.
Credentials can be organized in groups such as Internal-Server, External-Server etc. Users are free to choose their own organization scheme; it makes no difference to JADE.
- Create a new top group, e.g. sos
- Create a new sub-group, e.g. server
- Create a new entry wilma.sos with the following settings:
- *Title* : used as the key in the hierarchy to access the credentials.
- *Username* : the user name used for the file transfer, i.e. the ftp/sftp user name.
- *Password* : the password; the internal password generation mechanism can be used to create strong passwords.
- *Comment* : can contain extra parameters for JADE along with the credentials; any or all JADE parameters can be specified in the Comment section.
- *Expires* : expiry date for the entry; users can define their own expiry period, e.g. 90 days, or check the option Never. JADE will throw an error if the KeePassX DB entry is not valid.
- *Attachment* : can hold any file used during the transfer, e.g. a public key.
Create Credential Store entry for SFTP server
JADE profile(s) with Credential Store
Setup global credential Store profile
Define a profile that holds all the parameters concerning the Credential Store. JADE can reuse any profile defined in the same jade_settings.ini.
It is recommended to create such fragments and reuse them in profiles.
In addition, users can define multiple KeePassX DBs, e.g. Test, Integration, Production, and create corresponding profiles for the different environments.
Setup global credential Store profile with Password
{code}
; Global Profile for KeePassX Database WithPassword
[Keepass_DataBase_WithPassword]
use_credential_Store = true
CredentialStore_FileName = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb
CredentialStoreAuthenticationMethod = password
CredentialStore_password = *********
{code}
Setup global credential Store profile with Public Key
{code}
; Global Profile for KeePassX Database With Public Key
[Keepass_DataBase_WithPublicKey]
use_credential_Store = true
CredentialStore_FileName = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb
CredentialStoreAuthenticationMethod = privatekey
CredentialStore_KeyFileName = C:\sos-berlin.com\jade\config\jade_cs_rsa.ppk
{code}
Setup JADE profile for FTP
In this example the Credential Store settings are included from the global KeePassX database profile Keepass_DataBase_WithPassword.
JADE will then open the KeePassX DB and look up the entry sos/server/wilma.sos, which has already been defined in the KeePassX DB (see http://www.sos-berlin.com/mediawiki/index.php/Setting_up_%27%27JADE%27%27_with_Credential_Store#Create_Credential_Store_entry_for_FTP_server ).
- source_CredentialStore_KeyPath : the KeePassX DB entry that JADE will refer to.
- source_include : includes the Credential Store settings.
{code}
[ReceiveUsingKeePass]
source_include = Keepass_DataBase_WithPassword
source_CredentialStore_KeyPath = sos/server/wilma.sos
source_dir = /tmp/test/jade/out
source_make_dirs = true
source_transfer_mode = ascii
target_protocol = local
target_dir = ${TEMP}/jade/in
operation = copy
file_spec = \.txt$
transfer_mode = ascii
{code}
Setup JADE profile for SFTP
{code}
[ReceiveUsingKeePass]
source_CredentialStore_KeyPath = sos/server/8of9.sos
source_include = Keepass_DataBase_WithPassword
source_dir = /tmp/test/jade/out
source_make_Dirs = true
source_transfer_mode = ascii
target_protocol = local
target_dir = ${TEMP}/jade/in
operation = copy
file_spec = \.txt$
transfer_mode = ascii
{code}
An Example Transfer Profile
A profile definition for a server-to-server transfer, from an sftp server to an ftp server:
{code}
[ftp_server_2_server]
ssh_auth_method=password
source_user=kb
source_password=*****
source_ssh_auth_method=password
source_host=wilma.sos
source_protocol=sftp
source_port=22
target_user=test
target_password=*****
target_host=8of9.sos
target_protocol=ftp
target_port=21
file_spec=^.*\.txt$
operation=copy
{code}
In this example all files with the file name extension ".txt" should be transferred from the server "wilma" via sftp to the server 8of9 by ftp. The folders are not explicitly specified and therefore the "home" folders of the users are selected.
Profile fragments TBD
To make profiles more reusable and readable, profile snippets can be reused like this:
{code}
[wilma]
user=kb
password=*****
ssh_auth_method=password
host=wilma.sos
protocol=sftp
port=22

[8of9]
user=test
password=*****
host=8of9.sos
protocol=ftp
port=21

[globals]
log_filename=${TEMP}/sosftphistory.log
{code}
The profiles for wilma and 8of9 are defined only once. They can be used as many times as needed in different transfer profiles. There is a "globals" profile as well.
Define Profiles using the include directive TBD
Now we will specify the transfer profile again:
{code}
[ftp_server_2_server]
source_include=wilma
target_include=8of9
operation=copy
file_spec=^.*\.txt$

[ftp_more]
target_include=wilma
source_include=8of9
operation=move
file_spec=^.*\.(txt|pdf|dat)$
source_folder=/outbound/daily
target_folder=/inbound/transfer
{code}
The "include" parameter will include the named profiles in the order they are defined. In the first example wilma will be included as source and in the second example as target. The "globals" profile is included automatically; there is no need to specify it in an include parameter.
The profiles must be defined in the same settings file.
For information about the parameters, see the parameter documentation on jadeParameterReference.
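An added example, not part of the original page or of JADE itself: a Python check that reads a settings file in the layout shown above, follows `include`, `source_include` and `target_include`, and reports for each profile the password settings it carries inline or inherits from a fragment. The sample file is constructed from this page's profile names with placeholder passwords, and treating an include value as a comma-separated list is an assumption.

```python
import configparser

# Constructed sample in this page's layout; password values are placeholders.
SAMPLE_INI = r"""
[Keepass_DataBase_WithPassword]
use_credential_Store = true
CredentialStore_FileName = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb
CredentialStoreAuthenticationMethod = password
CredentialStore_password = PLACEHOLDER

[wilma]
user = kb
password = PLACEHOLDER
host = wilma.sos

[ReceiveUsingKeePass]
source_include = Keepass_DataBase_WithPassword
source_CredentialStore_KeyPath = sos/server/wilma.sos

[ftp_server_2_server]
source_include = wilma
target_password = PLACEHOLDER
operation = copy
"""

INCLUDE_KEYS = ("include", "source_include", "target_include")

def inline_secrets(cp, profile, seen=None):
    """Collect (defining_profile, key) for every password value reachable from profile."""
    seen = set() if seen is None else seen
    if profile in seen or not cp.has_section(profile):
        return set()
    seen.add(profile)  # guards against include cycles
    # configparser lower-cases keys, so this matches password, source_password,
    # target_password and CredentialStore_password alike.
    found = {(profile, k) for k, v in cp.items(profile) if k.endswith("password") and v.strip()}
    for inc_key in INCLUDE_KEYS:
        # Assumption: an include value may name several profiles, comma-separated.
        for name in cp.get(profile, inc_key, fallback="").split(","):
            if name.strip():
                found |= inline_secrets(cp, name.strip(), seen)
    return found

def audit(ini_text):
    """Map each profile to the sorted inline password settings it uses or inherits."""
    cp = configparser.ConfigParser(interpolation=None)  # keep ${TEMP} and regexes literal
    cp.read_string(ini_text)
    return {p: sorted(inline_secrets(cp, p)) for p in cp.sections()}
```

A profile that only references a Credential Store entry still reports the store's own `CredentialStore_password`, because that master password sits in the settings file as well.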