h1. JADE Credential Store
See more information about Credential Store here http://www.sos-berlin.com/mediawiki/index.php/Using_CredentialStore_to_securely_store_authentication,_connection_and_other_parameters
Setup KeePassX DB as Credential Store
Download KeePassX and create kdb file
JADE Credential Store (CS) only support KeePassX DB version 1.0
one can download KeePassX desktop utility from https://www.keepassx.org/downloads/
Setup Credential Store with Password
Step 1: Setup KeePassX DB
- Open the KeePassX utility
- Choose Password as Master Key
- Assign password to KeePass DB and click OK
JADE will use the Master key i.e. "password" give during creation process as access password of KeePassX DB.
Setup Credential Store with PPK key
- Start KeePassX utility
- Click on Key File as Master key
- Browse for pre generated ssh key as Master key
- Click Ok and KeePassX will open and will be ready to add new entries.
Create Credential Store entries
Create Credential Store entry for FTP server
KeePassX DB can organize entries in logical groups, using groups and sub-groups.
One can organize Credential in groups i.e. Internal-Server, External-Server etc, user is free to choose there own organization scheme, for JADE it's make no difference.
- Create new top group i.e. sos
- create new sub group i.e. server
- create new entry wilm.sos for settings
- {}Title{*} : will be used as Key in hierarchy to access the credentials.
- {}Username{*} : field used to specify username , username used for file transfer , i.e. ftp/sftp username
- {}Password{*} : password field is used to specify password , user can use the internal password generation mechanism to specify strong passwords
- {}Comment{*} : can contain extra parameters for JADE along with credentials, all/any JADE parameter can be specified in Comment section.
- {}Expires{*} : expiry date for the entry, user can define its own expiry period i.e. 90 days , or check option Never. <be/> JADE will through an error if KeePassX DB entry is not valid.
- {}Attachment{*} : can have any file used during transfer i.e. public key
Create Credential Store entry for SFTP server
JADE profile(s) with Credential Store
Setup global credential Store profile
Define an profile having all the parameters concerning Credential store. JADE can reuse any profile defined in same jade_settings.ini.
It's recommended to create such fragments and reuse them in prfiles.
Other side User can define multiple KeePassX DB's i.e. Test, Integration, Production and create corresponding profiles for different environment.
Setup global credential Store profile with Password
; Global Profile for KeePassX Database WithPassword [Keepass_DataBase_WithPassword] use_credential_Store = true CredentialStore_FileName = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb CredentialStoreAuthenticationMethod = password CredentialStore_password = *********
Setup global credential Store profile with Public Key
; Global Profile for KeePassX Database With Public Key [Keepass_DataBase_WithPublicKey] use_credential_Store = true CredentialStore_FileName = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb CredentialStoreAuthenticationMethod = privatekey CredentialStore_KeyFileName = C:\sos-berlin.com\jade\config\jade_cs_rsa.ppk
Setup JADE profile for FTP
In this example we are including Credential store settings from global KeePassX database profile Keepass_DataBase_WithPassword .
JADE then will open the KeePassX DB and refer the entry sos/server/wilma.sos , we have already defined this settings in the KeePassX DB http://www.sos-berlin.com/mediawiki/index.php/Setting_up_%27%27JADE%27%27_with_Credential_Store#Create_Credential_Store_entry_for_FTP_server .
source_CredentialStore_KeyPath : JADE will refer the entry from KeePassX DB.
source_include : include Credential Store settings.
[ReceiveUsingKeePass]
source_include = Keepass_DataBase_WithPassword
source_CredentialStore_KeyPath = sos/server/wilma.sos
source_dir = /tmp/test/jade/out
source_make_dirs = true
source_transfer_mode = ascii
target_protocol = local
target_dir = $\{TEMP\}/jade/in
operation = copy
file_spec = \.txt$
transfer_mode = ascii
Setup JADE profile for SFTP
[ReceiveUsingKeePass]
source_CredentialStore_KeyPath = sos/server/8of9.sos
source_include = Keepass_DataBase_WithPassword
source_dir = /tmp/test/jade/out
source_make_Dirs = true
source_transfer_mode = ascii
target_protocol = local
target_dir = $\{TEMP\}/jade/in
operation = copy
file_spec = \.txt$
transfer_mode = ascii
An Example Server to Server Transfer Profile using Credential Transfer
A profile definition for Server to Server transfer, from a ftp to a sftp server:
[transfer_server_2_server]
include = Keepass_DataBase_WithPassword
file_spec = ^.*\.txt$
operation = copy
source_CredentialStore_KeyPath = sos/server/wilma.sos
source_dir = /tmp/test/jade/out
target_CredentialStore_KeyPath = sos/server/8of9.sos
target_dir = $\{TEMP\}/jade/in
In this example all files with the file name extension ".txt" should be transferred from the server "wilma" via ftp to the server 8of9 by sftp.
To start this with the command line client one must type
jade.sh -settings=name_of_settings_file -profile=transfer_server_2_server
Profile fragments SFTP with Public Key :TBD
To make the profile more reusable and readable it is possible to reuse profiles snippets in the way like this:
Profile fragments SFTP with Public Key :TBD
To make the profile more reusable and readable it is possible to reuse profiles snippets in the way like this:
For infos about the parameters see the parameter documentation on jadeParameterReference.