Hi all,
Would like know if somebody has worked with password vault and somehow managed to change the password to avoid security concerns in Datastage
I have just started my thought process to do something like this which could avoid people storing their NUID and password somewhere unsafe and keep the information rather in a safe
Hope we can have a generic discussion on the same
Password Vault
Moderators: chulett, rschirm, roy
-
- Premium Member
- Posts: 54
- Joined: Thu Oct 18, 2007 4:20 am
- Location: Chennai
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
-
- Premium Member
- Posts: 54
- Joined: Thu Oct 18, 2007 4:20 am
- Location: Chennai
Trying to understand the scope of this as well. Are you using "password vault" in a generic sense or is there a specific Enterprise Password Management / Vault tool you are asking about? And would this be for people or applications or both?
-craig
"You can never have too many knives" -- Logan Nine Fingers
"You can never have too many knives" -- Logan Nine Fingers
-
- Premium Member
- Posts: 54
- Joined: Thu Oct 18, 2007 4:20 am
- Location: Chennai
Yes, we are using cyberark.
It is used for both people and application. In the case of peope it will be CheckOut ID (COID) that will rotate every week or some, and for application/DB NUID which might stay static.
There were come instance where NUID were used to login to protected envronment, now NUID have become really non interactive and to add additional security, client has gone towards password vault.
Other application are slowly trying to integrate with Password vault. It is mandate that Datastage follow the same principal.
Thats all I understand about Password Vault. I am trying to figure out, how MFT use Password Vault... May be I might get some tips from them as well
It is used for both people and application. In the case of peope it will be CheckOut ID (COID) that will rotate every week or some, and for application/DB NUID which might stay static.
There were come instance where NUID were used to login to protected envronment, now NUID have become really non interactive and to add additional security, client has gone towards password vault.
Other application are slowly trying to integrate with Password vault. It is mandate that Datastage follow the same principal.
Thats all I understand about Password Vault. I am trying to figure out, how MFT use Password Vault... May be I might get some tips from them as well
I have only used a personal password manager which encrypts a file of passwords.
I have seen certain situations in DataStage, such as when storing password values in parameter sets (type=encrypted, and it's not an environment variable), that require all dependent jobs to be recompiled upon making password changes.
I have seen certain situations in DataStage, such as when storing password values in parameter sets (type=encrypted, and it's not an environment variable), that require all dependent jobs to be recompiled upon making password changes.
Choose a job you love, and you will never have to work a day in your life. - Confucius
We intend to use a script in batch to update the appid passwords stored as environment variables. For daily batch runs, we only reference the variable.
Franklin Evans
"Shared pain is lessened, shared joy increased. Thus do we refute entropy." -- Spider Robinson
Using mainframe data FAQ: viewtopic.php?t=143596 Using CFF FAQ: viewtopic.php?t=157872
"Shared pain is lessened, shared joy increased. Thus do we refute entropy." -- Spider Robinson
Using mainframe data FAQ: viewtopic.php?t=143596 Using CFF FAQ: viewtopic.php?t=157872
I don't have a solution but your post peeked my interest. I too use CyberArk. And CyberArk has the ability to integrate into many applications that when it changes in CyberArk, CyberArk will update the applications as well. Are you trying to have CyberArk update parameter sets values? If so that would really cool and would love to learn how to do it! Because then I can have CyberArk change a password and have it change the DB as well as Datastage.