Password Vault

thanush9sep · Post by **thanush9sep** » Wed Jul 30, 2014 2:09 pm

Hi all,

Would like know if somebody has worked with password vault and somehow managed to change the password to avoid security concerns in Datastage

I have just started my thought process to do something like this which could avoid people storing their NUID and password somewhere unsafe and keep the information rather in a safe

Hope we can have a generic discussion on the same

ray.wurlod · Post by **ray.wurlod** » Wed Jul 30, 2014 10:08 pm

Not me. I remember all my passwords (about forty of them, all strong).

thanush9sep · Post by **thanush9sep** » Thu Jul 31, 2014 8:21 am

All smiles Ray

This is a intiative taken by our client to make sure the password are rotated every some fixed duration, currently it is not the case. We can hear lot of news that there credit card information were hacked ...

qt_ky · Post by **qt_ky** » Fri Aug 01, 2014 9:07 pm

What are the security concerns? Could you rephrase the question?

chulett · Post by **chulett** » Fri Aug 01, 2014 10:08 pm

Trying to understand the scope of this as well. Are you using "password vault" in a generic sense or is there a specific Enterprise Password Management / Vault tool you are asking about? And would this be for people or applications or both?

thanush9sep · Post by **thanush9sep** » Tue Aug 05, 2014 11:34 am

Yes, we are using cyberark.

It is used for both people and application. In the case of peope it will be CheckOut ID (COID) that will rotate every week or some, and for application/DB NUID which might stay static.

There were come instance where NUID were used to login to protected envronment, now NUID have become really non interactive and to add additional security, client has gone towards password vault.

Other application are slowly trying to integrate with Password vault. It is mandate that Datastage follow the same principal.

Thats all I understand about Password Vault. I am trying to figure out, how MFT use Password Vault... May be I might get some tips from them as well

qt_ky · Post by **qt_ky** » Wed Aug 06, 2014 7:45 am

I have only used a personal password manager which encrypts a file of passwords.

I have seen certain situations in DataStage, such as when storing password values in parameter sets (type=encrypted, and it's not an environment variable), that require all dependent jobs to be recompiled upon making password changes.

FranklinE · Post by **FranklinE** » Wed Aug 06, 2014 11:41 am

We intend to use a script in batch to update the appid passwords stored as environment variables. For daily batch runs, we only reference the variable.

MrBlack · Post by **MrBlack** » Thu Aug 21, 2014 9:23 am

I don't have a solution but your post peeked my interest. I too use CyberArk. And CyberArk has the ability to integrate into many applications that when it changes in CyberArk, CyberArk will update the applications as well. Are you trying to have CyberArk update parameter sets values? If so that would really cool and would love to learn how to do it! Because then I can have CyberArk change a password and have it change the DB as well as Datastage.