Introduction
The credential store provides a way to use passwords without exposing them to developers.
The server administrator is responsible for setting up the credential store and filling it with passwords. The server administrator should provide a list of available credentials to developers. Developers can then use the identifier of a password instead of the password itself.
There are two available ways to store passwords:
- a json file on disk;
- in the Azure Key Vault.
Note
You can only use one of these methods at a time.
Prerequisites
An Azure environment should be available for Azure Key Vault.
Setting up a file-based credential store
The file-based credential store is a json file that resides on disk, called credential_store.json. This file must contain a single object, containing a set of key-value pairs, where:
- key is the identifier that developers should use,
- value contains the actual password.
Follow these steps to create a file-based credential store containing one password, with PasswordIdentifier as an identifier.
Step | Action |
---|---|
1 | Create a new text file in the |
2 | Open |
3 | Enter the following information in the file: { |
4 | Save the file. |
5 | Go to the Superadmin Settings tab. |
6 | Add the following entry to the Server settings: "CredentialStore": { |
The identifier PasswordIdentifier can now be used by developers and, when used, will result in the password s3cr3tp4ssw0rd.
Below is an example of a credential_store.json file for a credential store with multiple passwords.
{
"passwordIdentifier": "secr3tp4ssw0rd"
, "ldapServerPassword": "BBx^W2Vh(7!r_>!%"
, "oracleDatabasePassword": "~5u4$8HtCE>3mXpV"
, ...
}
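The file format described above can be checked before the server reads it. The following is an added example, not code from this documentation or the product: it validates the store text and returns only the identifiers, which is the list the administrator hands to developers. The function names and the rule that every value is a non-empty string are assumptions, and the sample data is constructed.

```python
import json

def _reject_duplicates(pairs):
    """object_pairs_hook: plain json.loads silently keeps only the last duplicate key."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            # Report the identifier only, never the password value.
            raise ValueError(f"duplicate identifier: {key!r}")
        seen[key] = value
    return seen

def list_identifiers(text):
    """Validate credential store text and return its identifiers, never the passwords."""
    store = json.loads(text, object_pairs_hook=_reject_duplicates)
    if not isinstance(store, dict):
        raise ValueError("store must be a single JSON object")
    for key, value in store.items():
        if not key.strip():
            raise ValueError("empty identifier")
        # Assumption: a password is always a non-empty JSON string.
        if not isinstance(value, str) or value == "":
            raise ValueError(f"value for {key!r} must be a non-empty string")
    return sorted(store)

# Constructed sample inputs (not real credentials).
SAMPLE = """{
  "ldapServerPassword": "constructed-value-1",
  "oracleDatabasePassword": "constructed-value-2"
}"""
DUPLICATE = '{"ldapServerPassword": "a", "ldapServerPassword": "b"}'

if __name__ == "__main__":
    print(list_identifiers(SAMPLE))
    try:
        list_identifiers(DUPLICATE)
    except ValueError as err:
        print("rejected:", err)
```

Because the output contains identifiers only, it can be shared with developers without opening the store file itself.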
Setting up an encrypted file-based credential store
It is also possible to create an encrypted file-based credential store. In this case, you set the Type to Encrypted in the CredentialStore entry in the Server Settings. It is only possible to add entries in the encrypted credential store using the DataServer command -AddEncryptedPassword.
-dataserver -AddEncryptedPassword <key> <password>
Follow these steps to create an encrypted file-based credential store containing one password, with PasswordIdentifier as an identifier.
Step | Action |
---|---|
1 | Go to the Superadmin Settings tab. |
2 | Add the following entry to the Server settings: "CredentialStore": { |
3 | Open a Windows command line prompt and go to the |
4 | Enter the following command: |
Added password entries cannot be removed.
Note
The -AddEncryptedPassword command will overwrite existing password values without notification.