KBEC-00032 - Hiding an application's password with a credential

Summary

Many programs require you to enter or provide a password while you are running. For example, you might want to create a step in ElectricCommander that uses ectool to create a session (using login) for the admin user. If you are adding an operation like this to an ElectricCommander step, you do not want to hardcode the user name and password in the step because they will be exposed for many people to see. Even if you pass the user name and password as a parameter, the cleartext version will appear in the ElectricCommander job step details, making it relatively easy for someone to discover.

Solution

The answer is to use an ElectricCommander feature known as "Attached Credentials".  You can store a user name and encrypted password in ElectricCommander and use it inside a step without exposing it to the outside world. The password is retrieved inside the step and then passed directly to the program that uses it, without ever exposing it to ElectricCommander logs or job-related metadata.

The example below uses Perl to illustrate how to use this solution, but you could use a shell script also.

Examples

Steps

  1. Create a credential on an ElectricCommander project by clicking on the "Credentials" tab of the project and then clicking the "Create Credential" link. Supply a user name and a password in the dialog box. In this example, the name of the credential is "EC Admin".
  2. Create a procedure and a step in the procedure where you want to use the user name and password.
  3. Attach the credential - this allows the step to read the password
    • This is NOT the same as setting an "Impersonation Credential"
    • Scroll to the bottom of the screen to view the section titled, "Attached Credentials"
    • Click the "Attach Credential" link
    • Pick the credential from the dropdown list
  4. Set the step "Shell" field to "ec-perl" (for ElectricCommander 2.x versions on Windows, use "$[/server/Electric Cloud/installDirectory]/perl/bin/perl")
  5. Set the step "Command" field to: example.pl
  6. Run the procedure. You will see the XML response from the ElectricCommander server, showing the session was created.
  7. Now, go back and modify the last two lines to customize this for commands you want to run that require a password.

Applies to

  • Product versions: all
  • OS versions: all
Have more questions? Submit a request

Comments

Powered by Zendesk