Best practice to pass DB password as Parameter

chetan.c · Post by **chetan.c** » Tue Jul 24, 2012 5:33 am

Hi,

I would like to know what is the best practice to securely pass the DB password to a job.

Currently I have it defined as Environment variable(encrypted).
Is this the best way to do it?

All the other required parameters are fetched from the table.

Thanks,
Chetan.C

ArndW · Post by **ArndW** » Tue Jul 24, 2012 5:36 am

As long as you keep the password in encrypted fields so that they are not easily visible then you've done as much as possible. I like to keep such passwords as encrypted project-level environment variables.

dspwr11 · Post by **dspwr11** » Tue Jul 24, 2012 5:44 am

Thanks Arnd.

ray.wurlod · Post by **ray.wurlod** » Tue Jul 24, 2012 5:58 am

In version 8.7 you can encrypt the password using the encrypt.sh utility and use that encrypted password directly on the dsjob command line or in the file referred to by that command's -file option.

chetan.c · Post by **chetan.c** » Tue Jul 24, 2012 6:32 am

Thanks Ray.
I'm currently using it to encrypt the Datastage password.
Will extend it to the DB password too.

Thanks,
Chetan.C

chetan.c · Post by **chetan.c** » Tue Jul 24, 2012 8:29 am

Just encrypted the password and used it in the job.Its working fine.
Thanks Arnd and Ray.