Sensitive information that is used in job scripts can be stored in a Credential Store and retrieved at run-time.
This feature is similar to the approach used by the YADE file transfer job (and command line utility) to store credentials with the YADE Credential Store.
JS7 Agents provide the com.sos.commons.credentialstore.keepass.SOSKeePassDatabase Java class that can be invoked:
- java command line utility with the class name:
- from the command line like this:

    java com.sos.commons.credentialstore.keepass.SOSKeePassDatabase "cs://server/SFTP/homer.sos@password?file=credential_store.kdbx"

When invoking the class, the path to the entry in the credential store has to be specified.

    $JS7_AGENT_HOME/bin/agent_credential_value.sh "cs://server/SFTP/homer.sos@password?file=credential_store.kdbx"

    %JS7_AGENT_HOME%\bin\agent_credential_value.cmd "cs://server/SFTP/homer.sos@password?file=credential_store.kdbx"

The java command line utility with the SOSKeePassDatabase class syntactically uses a single parameter string that holds the URI and a number of query parameters:

cs://<entry_path>@<property_name> - required
- The URI based syntax includes the protocol cs://
- followed by the <entry_path> that specifies the directory structure and entry name in the credentials store file.
- followed by the @ character
- followed by the <property_name> that should be retrieved:
  - frequently used properties include credential store field names such as title, user, password. Custom field names are supported.
  - starting with JITL-585 the attachment property is supported.
  - for a detailed description of the available properties see the Using Credential Store to securely store authentication, connection and other parameters article.
file - required
- cs://databases/mysql_localhost@password?file=config/credential_store.kdbx
- cs://databases/mysql_localhost@password?file=C:/ProgramData/sos-berlin.com/js7/agent/config/credential_store.kdbx
- JS7_AGENT_WORK_DIR from the JS7 - Job Environment Variables article.

password - optional

key_file - optional, default: <credential_store_database_filename_without_extension>.key
- file parameter above.
- password parameter is not used.

ignore_expired - optional (boolean 0-1), default: 0

attachment - optional (boolean 0-1)

create_entry - optional (boolean 0-1), default: 0
- create_entry=0 - an exception is raised if the entry cannot be found.
- create_entry=1 - creates an entry if it does not exist.
  - an exception is raised if the top-level group of the cs://<entry_path> URI does not match the Credential Store top-level group.
  - creates the full path to the entry if it does not exist.

set_property - optional
- cs://<entry_path>@<property_name>?...&set_property=<value>
  - <property_name> property exists:
  - <property_name> property does not exist:
    - <property_name> property will be created with the given value.
- cs://<entry_path>@<property_name>?...&set_property=<file path>&attachment=1
  - <property_name> property exists:
    - <file path> file content.
  - <property_name> property does not exist:
    - <property_name> binary property will be created with the <file path> file content.
- cs://<entry_path>@attachment?...&set_property=<file path>

stdout_on_set_binary_property - optional (Boolean 0-1), default: 0
- stdout_on_set_binary_property=0
  - set_property.
- stdout_on_set_binary_property=1
  - set_property.

    #!/usr/bin/bash

    # Retrieve the credential: the script writes the value to stdout.
    JS7_CREDENTIAL_VALUE=$("$JS7_AGENT_HOME/bin/agent_credential_value.sh" "cs://jobs/SFTP/sftp_server@password?file=$JS7_AGENT_CONFIG_DIR/jobs.kdbx")
    RC=$?
    if [ $RC -ne 0 ]
    then
        exit $RC
    fi

    # Quoted so that spaces and glob characters in the value are preserved.
    echo "$JS7_CREDENTIAL_VALUE"

Explanation:
- agent_credential_value.sh is available from the Agent's ./bin folder in the installation directory. The environment variable $JS7_AGENT_HOME is automatically provided.
- ./config directory of the Agent. The environment variable $JS7_AGENT_CONFIG_DIR is automatically provided.
- $JS7_CREDENTIAL_VALUE environment variable to hold the output to stdout of the script, i.e. it receives the credential value.
- JAVA_HOME environment variable has to be set. As the Agent is operated with Java, the job script will find this environment variable if it has been exported when starting the Agent.

    @rem Example 1: use of built-in variable %JS7_CREDENTIAL_VALUE%
    @call "%JS7_AGENT_HOME%\bin\agent_credential_value.cmd" "cs://jobs/SFTP/sftp_server@password?file=%JS7_AGENT_CONFIG_DIR%\jobs.kdbx"
    if ERRORLEVEL 1 exit /b %ERRORLEVEL%
    @echo %JS7_CREDENTIAL_VALUE%

    @rem Example 2: output to stdout
    @call "%JS7_AGENT_HOME%\bin\agent_credential_value.cmd" "cs://jobs/SFTP/sftp_server@password?file=%JS7_AGENT_CONFIG_DIR%\jobs.kdbx" stdout
    if ERRORLEVEL 1 exit /b %ERRORLEVEL%

Explanation:
- agent_credential_value.cmd is available from the Agent's ./bin folder in the installation directory. The environment variable %JS7_AGENT_HOME% is automatically provided.
- ./config directory of the Agent. The environment variable %JS7_AGENT_CONFIG_DIR% is automatically provided.
- Example 1: use of built-in variable %JS7_CREDENTIAL_VALUE%).
  - %JS7_CREDENTIAL_VALUE% contains the last row of output to stdout.
- stdout (see Example 2: output stdout) controls whether any output is forwarded to stdout.
- JAVA_HOME environment variable has to be set.
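
A hardened variant of the Unix job script above, as an added example that is not part of the original page or of the JS7 distribution: it loads the credential into a variable without printing it to the job log, keeps the utility's exit code, and rejects an empty value. The names load_credential, JS7_CREDENTIAL_CMD, CONSUMER_SECRET and demo_agent_utility are hypothetical, and the stub returns a constructed sample value so that the script runs without an Agent.

```shell
#!/bin/sh
# Added example, not SOS code. load_credential, JS7_CREDENTIAL_CMD and
# demo_agent_utility are hypothetical names introduced for this sketch.

# load_credential <variable_name> <cs-uri>
# Stores the credential in the named variable without writing it to stdout.
load_credential() {
    local _var _uri _val _rc _trace _cmd
    _var=$1; _uri=$2; _rc=0; _trace=0
    _cmd=${JS7_CREDENTIAL_CMD:-$JS7_AGENT_HOME/bin/agent_credential_value.sh}
    # Accept only a plain identifier, because the name is used in eval below.
    case $_var in ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;; esac
    # Suspend 'set -x' so the value is not traced into the job log.
    case $- in *x*) _trace=1; set +x ;; esac
    # Capture stdout; a non-zero exit code of the utility is kept in _rc.
    _val=$("$_cmd" "$_uri") || _rc=$?
    # An empty value is treated as an error instead of being used silently.
    if [ "$_rc" -eq 0 ] && [ -z "$_val" ]; then _rc=3; fi
    # Plain assignment (unlike an unquoted echo) keeps spaces and globs intact.
    if [ "$_rc" -eq 0 ]; then eval "$_var=\$_val"; fi
    _val=
    if [ "$_trace" -eq 1 ]; then set -x; fi
    return "$_rc"
}

# Constructed stand-in for the Agent utility so the example runs offline.
demo_agent_utility() {
    case $1 in
        "cs://jobs/SFTP/sftp_server@password?file="*) printf '%s\n' 'p@ss  * w0rd' ;;
        *) echo "entry not found" >&2; return 1 ;;
    esac
}

# Retrieves the constructed sample value and hands it to a child process
# through the environment; only the length is printed, never the value.
demo() {
    JS7_CREDENTIAL_CMD=demo_agent_utility
    load_credential SFTP_PASSWORD \
        "cs://jobs/SFTP/sftp_server@password?file=config/jobs.kdbx" || return $?
    CONSUMER_SECRET=$SFTP_PASSWORD sh -c 'printf "%s" "${#CONSUMER_SECRET}"'
}

demo
```

In a real job, leave JS7_CREDENTIAL_CMD unset so that the function calls agent_credential_value.sh from $JS7_AGENT_HOME/bin.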