...

  • The Credential Store (CS) allows sensitive data to be encrypted and stored securely and independently of the application(s) such as YADE and the JobScheduler YADE JITL Jobs that use this data.
  • The advantage of using a CS is that it stores sensitive information such as credentials in a standardized, secure and fully encrypted database, and sensitive authentication information is not exposed in use. Applications access the CS database by using a password, an encryption-key file or a combination of both.
  • The CS requires the use of a standard open database format (.kdb or .kdbx), which allows the use of graphical and API interfaces across the most relevant operating systems.

Scope

This article is in two parts:

  • The first part describes the use of the Credential Store in a relatively simple example file transfer configuration. The configuration described can be used to transfer files from a live server and a download containing the configuration file is available so that users can get a working Credential Store up, running and tested as easily as possible.

...

  • The second part of the article describes Credential Store configuration elements not covered by the example configuration. In addition, the use of the Credential Store with the JobScheduler YADE JITL jobs is described.

This article does not attempt to provide a step-by-step description of file transfer configuration, which is available elsewhere in this article, for example, in the tutorials for YADE and the JobScheduler.

Feature Summary

The Credential Store provides the following features: 

...

  • All sensitive configuration information is encrypted.
  • Access to the Credential Store can be securely protected by password, key file or password and key file.
    "Password-free" authentication is possible.
  • Connection Authentication files such as public key files are used without being written to the file system.

...

  • Configuration information can be centrally managed outside of a file transfer environment.

...

  • The same file transfer configuration file can be used for development and production environments - only the Credential Store needs to be changed during deployment.

...

  • The Credential Store can be used for the following configuration information:
    • file transfer source, target, proxy and jump host / DMZ,
    • pre- and post-processing operations.
  • The Credential Store can be used for file transfers carried out with both the YADE Client and the JobScheduler JADEJob and JADE4DMZJob JITL jobs.

...

Example Description

The example presented in this article illustrates the configuration and use of the Credential Store as part of a simple file transfer operation - downloading files from an online server to the user's local file system.

The configuration is stored in an XML settings file and includes the elements specifying the Credential Store and the file transfer as a whole. This settings file can then be used by both the YADE Client and the YADE JITL jobs that are provided with the JobScheduler.

The example operation described in this article is based on the simple file transfer example that is described in detail in the article The YADE Client Command Line Interface - Tutorial 1 - Getting Started. This tutorial describes the configuration required to download a number of files from an online server provided by the SOS GmbH and save these files on the user's local file system. A simplified version of the configuration used in the tutorial (only specifying transfer by FTP) is available as a download: sos-berlin_demo_2_local.xml. Using this server together with the downloaded configuration file means that users can get a working example up and running with a minimum of effort.

In the current example, the Credential Store is to store configuration information for the online server - i.e. for the file transfer source. The principle described can be equally well used for the configuration of multiple file transfer source, target, proxy and jump-host servers and for the other file transfer protocols that can be used by the YADE Client.

...

...

The example configuration file can be downloaded here:

Configuration Procedure for the Example

Installing the Credential Store and configuring the KeePass database

KeePass 2, which is just one of the applications available for creating and configuring .kdb or .kdbx databases, has been used in the current article to implement the Credential Store database and is used in the screenshots. The installation and use of KeePass 2 is described on the KeePass Web Site.

...

Credential Store databases are stored as either .kdb or .kdbx files on the file system.

The database included with the download files, used for the examples described in the current article, was configured as follows (on a Windows system):

  • Path: %USERPROFILE%.\jade_demo\keepass\demo_credcredential_store.kdbx
  • Master Password: sos

Note that a Master Key file can be used to provide further protection for the database, either instead of or in addition to the Master Password. This is described in the Advanced Configuration section of this article below but has not been configured for the download database.
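A pre-deployment check that a file really is a .kdb or .kdbx database, and which KDBX version it carries, can be made from the first 12 bytes of the file without knowing the Master Password. The following is an added example, not part of YADE or of the original article; the function names are hypothetical, the signature constants are those of the KeePass file formats, and the sample headers are constructed.

```python
import struct
from pathlib import PurePath

SIG1 = 0x9AA2D903                      # first signature, shared by KeePass 1.x and 2.x
SIG2 = {0xB54BFB65: "kdb",             # KeePass 1.x database
        0xB54BFB66: "kdbx",            # KeePass 2.x pre-release
        0xB54BFB67: "kdbx"}            # KeePass 2.x database

def read_header(path):
    """Read only the unencrypted 12-byte prefix of a database file."""
    with open(path, "rb") as fh:
        return fh.read(12)

def identify(header):
    """Return (format, version) for the first 12 bytes of a file."""
    if len(header) < 12:
        return ("truncated", None)
    sig1, sig2 = struct.unpack_from("<II", header, 0)
    if sig1 != SIG1 or sig2 not in SIG2:
        return ("not-keepass", None)
    fmt = SIG2[sig2]
    if fmt == "kdbx":
        # Version is a little-endian uint32: low word minor, high word major.
        minor, major = struct.unpack_from("<HH", header, 8)
        return (fmt, f"{major}.{minor}")
    return (fmt, None)

def check_store(filename, header):
    """Return a list of findings; an empty list means the file looks consistent."""
    fmt, _version = identify(header)
    ext = PurePath(filename).suffix.lower().lstrip(".")
    if fmt in ("truncated", "not-keepass"):
        return [f"{filename}: {fmt}"]
    if ext != fmt:
        return [f"{filename}: extension .{ext} but content is {fmt}"]
    return []

# Constructed sample headers (not taken from the download database).
KDBX31 = bytes.fromhex("03d9a29a67fb4bb501000300")   # KDBX, version 3.1
KDB1 = bytes.fromhex("03d9a29a65fb4bb503000000")     # KeePass 1.x
ZIP = b"PK\x03\x04" + bytes(8)                       # some other file type

if __name__ == "__main__":
    for name, hdr in (("store.kdbx", KDBX31), ("store.kdbx", KDB1), ("store.kdbx", ZIP)):
        print(identify(hdr), check_store(name, hdr))
```

For a file on disk, pass `read_header(path)` as the second argument of `check_store`.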

Adding connection information to the Credential Store

...

  • Title: The identifier for the Entry, this could be a string containing, for example, the host name/server name.
  • User name: The user identification of a user account who is authenticated for the operation.
  • Password: Assigned password for a user account or passphrase for a private key.
  • URL: The host name/server name or IP address of the server.
  • Notes: This block can be used to specify additional parameters for the file transfer.
  • File Attachment & String Fields: Files such as PGP or SSH private keys can be stored as attachments.
    • A first file is specified as an attachment.
    • Further files are specified using String field parameter / value pairs.
      YADE will retrieve the contents of an attached file at run-time - intermediate or temporary files are not created when reading attachments.
      Note that Attachments and String Fields are specified in the KeePass GUI via the Advanced tab of the Edit Entry dialog.

...

The Transfer Target Directory

As can be seen in the screenshot above, the CopyTarget.Directory parameter is set by default for a Windows environment, to:

  • ${USERPROFILE}\jade_demo\transfer_receive

...

Note that the log files neither indicate that a credential store has been used for the transfer nor reveal any passwords.


Download Example

A download is available containing a full XML configuration file for Windows users and .kdbx database: jade_demo.zip

Windows users with the necessary permissions will be able to use these files by unpacking the zip file to a jade_demo folder in their User directory.

Users of other operating systems may have to make minor configuration changes.

Using the Credential Store with the JobScheduler JITL YADE jobs

...