The Eclipse secure storage vault eliminates the security risk where the message flow use
to store the password in the plain text format.
About this task
The secure storage password can be accessed from the Eclipse environment, but the runtime
environment cannot access the stored password from the Eclipse secure storage vault. Hence, to
eliminate the security risk, you need to configure the integration server to store the password.
You can configure Eclipse secure storage vault for the integration server by running the
following commands sequentially based on your datasource configuration.
- Datasource is configured with a username and password, but no certificates.
Run step 1, 3,
and 4.
- Datasource is anonymous and has only certificates.
Run step 1, 2, and
4.
- Datasource is configured with a username and password, and has certificates.
Run step 1, 2,
3, and 4.
-
Create a vault in the integration server by using the following command.
mqsivault --work-dir <workdirectory> --create --vault-key <vaultkeyname>
- Store the credentials by using the following command.
mqsicredentials --work-dir <workdirectory> --vault-key <vaultkeyname> --create --credential-type ldap --credential-name <credentialname> --username <username> --password <password>
- Store the credentials in the integration server by using the following
command.
mqsisetdbparms -w <workdirectory> -n ldap::<credentialname> -u username -p <password>
- Start the integration server by using the following command.
IntegrationServer --work-dir <workdirectory> --vault-key <vaultkeyname>
The password is taken from the vault key that is provided in the command.