Versions Compared

Comment: 'Server Key Files' added

...

The Credential Store provides the following features: 

  • Storage of configuration information for use in a jump host / DMZ (available starting from release 1.12.2).

...

  • Compliance:
    • All sensitive configuration information is encrypted.
    • Access to the Credential Store can be securely protected by password, key file or password and key file - "password-free" authentication is possible.
  • Management
    • Configuration information can be centrally managed outside of a file transfer environment.
  • Deployment
    • The same file transfer configuration file can be used for production and development environments - only the Credential Store needs to be changed.
  • The Credential Store can be used for configuration information for a file transfer source, target, proxy and jump host / DMZ (available starting from release 1.12.2).
  • The Credential Store can be used for configuration information for pre- and post-processing operations.

Example Description

The example presented in this article illustrates the configuration and use of the Credential Store in a simple file transfer operation that is carried out with the YADE Client.

The file transfer operation is based on the file transfer example described in The YADE Client Command Line Interface - Tutorial 1 - Getting Started article. The tutorial describes the configuration required to download a number of files from an online server provided by the SOS GmbH and save these files on the user's local file system. Using this server means that users can get a working example up and running with a minimum of effort. A simplified version of the configuration used in the tutorial (only specifying transfer by FTP) is available as a download: sos-berlin_demo_2_local.xml.

...

Configuration in the XML Editor

Tip: The XML Editor includes up-to-date documentation for elements, as can be seen in the screenshot below, which shows the documentation for the Hostname element.

The parts of the XML configuration relevant to the use of the Credential Store are shown in the following screenshot of the configuration for the current example, with parameter values highlighted according to their function:

...

Call on Windows systems:

C:\Program Files\sos-berlin.com\jade\client\bin>jade.cmd -settings="%USERPROFILE%\jade_demo\sos-berlin_demo_2_local_cs.xml" -profile="ftp_server_2_local_cs"

After the YADE command has finished execution, the number of files transferred can be read from the log file.

Note that the log files neither indicate that a credential store has been used for the transfer nor reveal any passwords.

Download Example

A download is available containing a full XML configuration file for Windows users and a .kdbx database: jade_demo.zip

Windows users with the necessary permissions will be able to use these files by unpacking the zip file to a jade_demo folder in their User directory.

Users of other operating systems may have to make minor configuration changes.

Advanced Configuration

Key File Authentication

Key file authentication can be used for the Credential Store either alone or together with the password authentication described in the example above.

This option allows the Credential Store to be used completely securely, yet without passwords, if required.

Key file authentication has to be configured for the Credential Store and in the XML settings file.

Configuring key file authentication for the Credential Store

KeePass provides a Create Composite Master Key function that is reached with the Files / Master Key... menu item.

The Create Composite Master Key function is shown in the following screenshot (note that the Show expert options checkbox has to be selected first):

Note also that the Master Password checkbox should not be selected if key file authentication is to be used without a master password.

The entropy of the generated key can be increased as part of the key creation procedure, using the interface shown in the next screenshot.

For the purpose of this article the key has been saved in the jade_demo folder used for the download example.

The next section describes the configuration of the XML settings file to include a reference to this file.

Configuring key file authentication in the XML settings file

Key file authentication is configured in the XML settings file by specifying a KeyFileAuthentication element as a child of the CSAuthentication element in the Credential Store fragment.

The key file element can be added either instead of or alongside a password authentication element as required.

This is shown in the following list:

  • CredentialStoreFragments
    • CredentialStoreFragment name="ftp_demo"
      • CSFile file path %USERPROFILE%\jade_demo....
      • CSAuthentication
        • PasswordAuthentication
          • CSPassword password
        • KeyFileAuthentication
          • CSKeyFile path to key file ....
      • CSEntryPath

Server authentication key files

The Credential Store can be used to store RSA and similar server authentication key files. The first key file for an Entry is stored in the Credential Store database as an attachment. Further key files are stored using my_custom_field parameters.

Configuring authentication key files in the Credential Store

A first attachment is added to the Credential Store in KeePass in the File Attachments section of the Advanced tab as shown in the screenshot below:

Configuring authentication key files in the XML settings file

A first attachment for, for example, SSH would be configured in the XML settings file by specifying an AuthenticationFile element in the SSHAuthentication element.

The following list shows the configuration of the SFTP Fragment required to carry out the download from the test.sos-berlin.com SFTP/FTP server that was used for the simple example described above. The AuthenticationFile element that specifies the Attachment in the Credential Store Entry is specified in the same way as the Hostname and other elements described in the example above.

  • SFTPFragment name="sftp_demo_sos-berlin_cs"
    • BasicConnection
      • Hostname cs://demo/sftp/demo_on_test.sos-berlin.com@attachment
    • SSHAuthentication
      • Account
      • AuthenticationMethodPublicKey
        • AuthenticationFile cs://demo/sftp/demo_on_test.sos-berlin.com@attachment
      • CredentialStoreFragmentRef ref="ftp_demo"
  • CredentialStoreFragments
    • CredentialStoreFragment name="ftp_demo"
      • CSFile file path %USERPROFILE%\jade_demo....
      • CSAuthentication
        • PasswordAuthentication
          • CSPassword password
        • KeyFileAuthentication
          • CSKeyFile path to key file ....
      • CSEntryPath demo/ftp/....
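
A way to check a settings file against the two configurations listed above, added here as an example (it is not code from the YADE project): the script flags connection values written as literals instead of cs:// references, a Credential Store password kept in the settings file, dangling fragment references and fragments without a key file. Element names are taken from the lists on this page; the wrapper element, the nesting as XML elements with text values, the sample values and the policy of what counts as a finding are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names come from the lists on this page; the
# <Example> wrapper and all values except the cs:// URI are assumptions.
SAMPLE = """<Example>
  <SFTPFragment name="sftp_demo_sos-berlin_cs">
    <BasicConnection>
      <Hostname>cs://demo/sftp/demo_on_test.sos-berlin.com@attachment</Hostname>
    </BasicConnection>
    <SSHAuthentication>
      <Account>demo</Account>
      <AuthenticationMethodPublicKey>
        <AuthenticationFile>cs://demo/sftp/demo_on_test.sos-berlin.com@attachment</AuthenticationFile>
      </AuthenticationMethodPublicKey>
    </SSHAuthentication>
    <CredentialStoreFragmentRef ref="ftp_demo"/>
  </SFTPFragment>
  <CredentialStoreFragment name="ftp_demo">
    <CSFile>constructed/path/demo.kdbx</CSFile>
    <CSAuthentication>
      <PasswordAuthentication><CSPassword>constructed-secret</CSPassword></PasswordAuthentication>
      <KeyFileAuthentication><CSKeyFile>constructed/path/demo.key</CSKeyFile></KeyFileAuthentication>
    </CSAuthentication>
  </CredentialStoreFragment>
</Example>"""

# Policy assumption: these values should be resolved from the Credential Store.
FROM_STORE = {"Hostname", "Account", "AuthenticationFile"}

def audit(xml_text):
    """Return findings for settings that bypass or weaken the Credential Store."""
    root, findings = ET.fromstring(xml_text), []
    stores = {f.get("name") for f in root.iter("CredentialStoreFragment")}
    for el in root.iter():
        value = (el.text or "").strip()
        if el.tag in FROM_STORE and value and not value.startswith("cs://"):
            findings.append(f"{el.tag}: literal value, not a cs:// reference")
        elif el.tag == "CSPassword" and value:
            findings.append("CSPassword: store password kept in the settings file")
        elif el.tag == "CredentialStoreFragmentRef" and el.get("ref") not in stores:
            findings.append(f"CredentialStoreFragmentRef: unknown fragment {el.get('ref')!r}")
    for frag in root.iter("CredentialStoreFragment"):
        if frag.find("CSAuthentication/KeyFileAuthentication/CSKeyFile") is None:
            findings.append(f"{frag.get('name')}: no key file configured")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With key file authentication alone, the key file becomes the only secret protecting the database, so access to the directory that holds it should be restricted to the account that runs the transfer.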

See Also:

...