Description of SOS Credential Store
- The "Password Safe" (Credential Store, CS) offers possibilities to store encrypted connection data and any other data securely and independently of an application (i.e. JADE).
- Access to the CS is only possible with access methods such as SSH key or password.
- Currently CS is using "KeePass" and "KeePassX" with the db version 1.0, thus CS can be used on most popular OS platforms.
- The advantage of using CS is that CS stores the credentials (and other information/parameters) in a standardized, secure and encrypted database, i.e. KeePass. JADE will access the CS database using a standard interface. The CS database can only be accessed using a password, an encryption-key file (ppk) or a combination of both. The CS password is used to encrypt the contents stored in the CS database with AES.
- CS can be used to securely store information or parameters, database connection URL, runtime decryption key and other access data.
The following information can be retrieved from the CS's standard fields:
- Feature: UserID: The user identification of the user who is authorized for the operation.
- Feature: Password: Assigned password for the user.
- Feature: Server-Name: Target server name or IP address.
- Feature: Notes: In the notes section of the CS other parameters/options can be stored, i.e. JADE parameters, database connection URL etc. The extra options are defined in a similar way as used on the command line.
- Feature: File-Attachment: Any files such as PGP files, SSH private key files can be stored in the CS as attachments. Applications will retrieve the attached file at run-time and will delete the file immediately once the operation is completed.
Parameters used by SOSCredentialStore
Parameter CredentialStore_ProcessNotesParams: Process additional parameters from notes field
- In the notes field of the CS database extra parameters like a database connection string, proxy server IP etc. can be defined. These parameters will be processed with other parameters defined in the settings file or in JITL parameters. If a parameter with the same name is defined in the notes section then the parameter value in the notes of the CS will have priority.

    -dburl=test -verbose=2 -password=12345

- The notes properties of KeePass can be used to store extra parameters, i.e. options such as a database connection string, proxy server settings etc.
- Data-Type: SOSOptionBoolean
- The default value for this parameter is: false.
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- Alias: CS_ProcessNotesParams
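The precedence rule described above, as an added example that is not JADE's own code: it parses a notes field written in command-line style and overlays it on the other settings, reporting which names the notes overrode so that a change made inside the KeePass entry is visible to the operator. The function names, the exact-match comparison of parameter names and the redaction rule are assumptions of this sketch.

```python
import shlex

SECRET_HINTS = ("password", "passphrase")   # assumed naming convention for secrets


def parse_notes(notes):
    """Parse command-line style options (-name=value) from a CS notes field."""
    params = {}
    for token in shlex.split(notes):         # honours quoting, e.g. -x="a b"
        if not token.startswith("-") or "=" not in token:
            raise ValueError(f"not a -name=value option: {token!r}")
        name, value = token[1:].split("=", 1)
        params[name] = value
    return params


def merge_with_notes(settings, notes, process_notes=False):
    """Return (effective, overridden). Notes win when a name is defined twice.

    process_notes mirrors CredentialStore_ProcessNotesParams (default false):
    when it is off, the notes field is ignored entirely.
    """
    effective = dict(settings)
    overridden = []
    if process_notes:
        for name, value in parse_notes(notes).items():
            if name in effective and effective[name] != value:
                overridden.append(name)      # record it so the change can be logged
            effective[name] = value
    return effective, sorted(overridden)


def redact(params):
    """Copy of params that is safe to log: secret values are masked."""
    return {k: "***" if any(h in k.lower() for h in SECRET_HINTS) else v
            for k, v in params.items()}


if __name__ == "__main__":
    # Constructed settings; the notes string is the one shown on this page.
    settings = {"dburl": "prod", "verbose": "1", "operation": "copy"}
    notes = "-dburl=test -verbose=2 -password=12345"
    effective, overridden = merge_with_notes(settings, notes, process_notes=True)
    print("overridden by notes:", overridden)
    print("effective:", redact(effective))
```
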
Parameter CredentialStore_OverwriteExportedFile
- At run-time JADE can export the file stored in the attachment field of the CS database to the local file system. For example, if the attached file is an SSH key and JADE has to use the key file for file transfer operations, JADE will export the attached file into a predefined directory, i.e. $HOME/.ssh. To avoid any unwanted overwriting of existing files in the $HOME/.ssh folder, set this parameter to false.
- Data-Type: SOSOptionBoolean
- The default value for this parameter is: true.
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- Alias: CS_OverwriteExportedFile
Parameter CredentialStore_Permissions4ExportedFile
- At run-time JADE can export the file defined in the attachment field of the CS database to the local file system. For example, if the attached file is an SSH key and JADE wants to use the key file for file transfer operations, then JADE will export the attached file to a predefined directory, i.e. $HOME/.ssh, and the key file should have specific permissions.

    -CredentialStore_Permissions4ExportedFile="600"

- Data-Type: SOSOptionString
- The default value for this parameter is: 600.
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
  - CredentialStore_ExportAttachment - Export attached file to disc
- Alias: CS_Permissions4ExportedFile
Parameter CredentialStore_DeleteExportedFileOnExit: Delete Attachment On Exit of Application
- At run-time JADE will export the attached file of a CS to the local file system, and once its operation is completed, irrespective of the operation's status, JADE will by default delete this file. In special cases, e.g. for debugging, if you want JADE not to delete the file, set this parameter to false.
- Data-Type: SOSOptionBoolean
- The default value for this parameter is: true.
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- Alias: CS_DeleteExportedFileOnExit
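The three export parameters above (overwrite, permissions, delete on exit) interact at the file-system level. The following added example is not JADE's implementation; it sketches one safe way to honour them on a POSIX system. The helper name `exported_attachment` and its keyword arguments are hypothetical, and the refusal of group/other permission bits is an extra policy of this sketch.

```python
import os
from contextlib import contextmanager


@contextmanager
def exported_attachment(data, path, permissions="600",
                        overwrite=True, delete_on_exit=True):
    """Export attachment bytes to `path` for one operation (hypothetical helper).

    Keyword defaults mirror the documented parameter defaults.
    """
    mode = int(permissions, 8)                  # "600" -> 0o600
    if mode & 0o077:
        # Added policy, stricter than the page: no group/other access to keys.
        raise ValueError(f"permissions {permissions!r} expose the file to other users")
    if overwrite and os.path.lexists(path):
        os.unlink(path)                         # replace it, never write through it
    # O_EXCL: fail if the path exists (overwrite=False) and refuse symlinks.
    # The mode is applied at creation, so the key is never briefly world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        with os.fdopen(fd, "wb") as fh:
            os.fchmod(fh.fileno(), mode)        # exact mode, independent of umask
            fh.write(data)
        yield path
    finally:
        # Runs whether the operation succeeded or raised. A pre-existing file
        # that made os.open() fail is never reached here, so it is not deleted.
        if delete_on_exit and os.path.lexists(path):
            os.unlink(path)


if __name__ == "__main__":
    import tempfile
    target = os.path.join(tempfile.mkdtemp(), "exported_key.ppk")  # constructed path
    with exported_attachment(b"constructed key material", target) as key_file:
        print(key_file, oct(os.stat(key_file).st_mode & 0o777))
    print("still on disk:", os.path.exists(target))
```

With `delete_on_exit=False` the key stays on disk after the operation, so a debugging run needs a manual clean-up of the exported file.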
Parameter CredentialStore_ExportAttachment: Export attached file to disc
- JADE can export a file that is stored in the CS database as attachment to the local file system. By default JADE does not export attached files.
- Data-Type: SOSOptionBoolean
- The default value for this parameter is: false.
- Alias: CS_ExportAttachment
Parameter CredentialStore_ExportAttachment2FileName: Name of the extracted attachment file
To use the file stored in the CS as attachment during an operation, JADE has to export the attached file to the local file system. Use this parameter to define the name of the exported file in the local file system.

    -CredentialStore_ExportAttachment2FileName="archive_server_ras.ppk"

- Data-Type: SOSOptionOutFileName
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- Alias: CS_ExportAttachment2FileName
Parameter CredentialStore_KeyFileName: Name of the File containing the private Key
The Credential Store can be accessed by JADE using a private key, a password or a combination of both. Define the path/location of the SSH key file using this parameter.

    -CredentialStore_KeyFileName="jade_cs_rsa.ppk"

- Data-Type: SOSOptionInFileName
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- Alias: CS_KeyFileName
Parameter CredentialStore_password: Password for CS
The Credential Store can be accessed by JADE using a private key, a password or a combination of both. Define the CS's access password using this parameter. Hint: always use a strong password for CS.

    -CredentialStore_password="55ybr293N!2BButnY4,w"

- Data-Type: SOSOptionPassword
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- Alias: CS_password
Parameter CredentialStore_AuthenticationMethod: Authentication Method for the CS
There are three possible combinations of authentication methods.

    -CredentialStoreAuthenticationMethod="password"
    --- OR ---
    -CredentialStoreAuthenticationMethod="privatekey"
    --- OR ---
    -CredentialStoreAuthenticationMethod="password+privatekey"

- Data-Type: SOSOptionString
- The default value for this parameter is: privatekey.
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- This parameter is mandatory.
- Alias: CS_AuthenticationMethod
Parameter CredentialStore_StoreType: The Type of the credential store application
- At present only "KeePass" is supported as CS database and only KeePass is permitted as a valid parameter value.
- Data-Type: SOSOptionString
- The default value for this parameter is: KeePass.
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- Alias: CS_StoreType
Parameter CredentialStore_KeyPath: Path and Key for the credentials
- This option specifies the path of the access key for access to the credential store.
- The Credential Store can be accessed by JADE using a private key, a password or a combination of both. Define the path/location of the SSH key file using this parameter.

    -CredentialStore_KeyFileName="/ssh/server1/sap-upload"

- Data-Type: SOSOptionString
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- This parameter is mandatory.
- Alias: CS_KeyPath
Parameter CredentialStore_FileName: Name of Credential Database
- The path and name of the KeePass or KeePassX database file with the file extension .kdb.

    Command-Line : jade.sh -CredentialStoreFileName="/etc/keystore/sap_jade.kdb"

    Java API : CSOptions.CredentialStoreFileName.Value("/etc/keystore/sap_jade.kdb");

- Data-Type: SOSOptionInFileName
- Use together with parameter:
  - use_credential_Store - use credential store for authentication
- This parameter is mandatory.
- Alias: CS_FileName
Parameter use_credential_Store: use credential store for authentication
- If you want to store your access data, i.e. user id, password, SSH key, database connection string in an encrypted CS database, then enable this parameter and configure access to the CS accordingly. By default JADE will look for the parameters from its configuration file, from the command line or from the JITL Job.
- Data-Type: SOSOptionBoolean
- The default value for this parameter is: false.
Example of JADE Profile using Credential Store: jade_setting.ini

    [Keepass_DataBase_WithPassword]
    use_credential_Store = true
    CredentialStore_FileName = R:\backup\sos\java\development\com.sos.VirtualFileSystem\keepassX-test.kdb
    CredentialStore_KeyPath = sos/server/homer.sos
    CredentialStore_password = testing

    [ReceiveUsingKeePass]
    include = Keepass_DataBase_WithPassword
    source_CredentialStore_KeyPath = sos/server/homer.sos
    source_include = Keepass_DataBase_WithPassword
    source_Dir = /tmp/test/jade/out
    source_make_Dirs = true
    source_loadClassName = com.sos.VirtualFileSystem.FTP.SOSVfsFtp2
    target_protocol = local
    target_dir = /tmp/test/jade/in
    operation = copy
    file_spec = \.txt$
    transfer_mode = ascii
    source_transfer_mode = ascii
    loadClassName = com.sos.VirtualFileSystem.FTP.SOSVfsFtp2