The YADE Credential Store offers a central and secure location to store credentials rather then specifying, for example, information such as the user name and password in configuration parameters.

Use of the Credential Store therefore ensures compliance.

Credential Stores are KeePassX databases that have been configured to be used by YADE. They are not related to the Java Keystore that can be used by specifying FTPSClientSecurity parameters.

Specifying a Credential Store

Credential Store elements are referenced from a configuration profile in a similar manner to the way file transfer protocol and notification fragments are referenced:

  • a CredentialStoreFragment element is specified in the configuration Fragments branch with information including:
    • the store location (specified in the CSFile element)
    • authentication required to access the store (specified in the CSAuthentication element)
    • the location of the authentication information in the store (specified in the CSEntryPath element)
  • a CredentialStoreFragmentRef element is specified in the configuration Profiles branch as shown in the hierarchy below.
  • the CredentialStoreFragmentRef element has a ref attribute that refers to the name attribute of a CredentialStoreFragment element specified in the configuration Fragments branch.

Any number of Credential Store elements can be configured within a file transfer configuration.

The XML Hierarchy for Credential Store elements is shown schematically in the section below and more detailed information about the configuration of the individual credential store elements can be found in the following Parameter Reference articles:

The XML Hierarchy for Credential Store elements

The following diagram shows the XML element hierarchy required to specify two credential stores, CS-1 and CS-2.

  • Fragments
    • ProtocolFragments
    • AlternativeFragmnents
    • NotificationFragments
    • CredentialStoreFragments (optional)
      • CredentialStoreFragment (name="CS-1")
        • CSFile (required)
        • CSAuthentication (required)
          • PasswordAuthentication
          • KeyFileAuthentication
        • CSEntryPath (required)
      • CredentialStoreFragment (name="CS-2")
      • etc.
  • Profiles
    • Profile
      • Operation (required)
      • Notifications (optional)
      • CredentialStore (optional)
        • CredentialStoreFragmentRef (ref="CS-1")
        • CredentialStoreFragmentRef (ref="CS-2")
        • etc.
      • etc.

The CS-1 ref attribute of the CredentialStoreFragmentRef element in the transfer profile is used to call the CredentialStoreFragment with the name CS-1. This element then contains the necessary information necessary to access the authentication information saved in the credential store.

Further information

A more detailed description of the use of the Credential Store can be found in the Using Credential Store to securely store authentication, connection and other parameters article.