Page 1 of 1
Password Vault
Posted: Wed Jul 30, 2014 2:09 pm
by thanush9sep
Hi all,
Would like know if somebody has worked with password vault and somehow managed to change the password to avoid security concerns in Datastage
I have just started my thought process to do something like this which could avoid people storing their NUID and password somewhere unsafe and keep the information rather in a safe
Hope we can have a generic discussion on the same
Posted: Wed Jul 30, 2014 10:08 pm
by ray.wurlod
Not me. I remember all my passwords (about forty of them, all strong).
Posted: Thu Jul 31, 2014 8:21 am
by thanush9sep
All smiles Ray
This is a intiative taken by our client to make sure the password are rotated every some fixed duration, currently it is not the case. We can hear lot of news that there credit card information were hacked ...
Posted: Fri Aug 01, 2014 9:07 pm
by qt_ky
What are the security concerns? Could you rephrase the question?
Posted: Fri Aug 01, 2014 10:08 pm
by chulett
Trying to understand the scope of this as well. Are you using "password vault" in a generic sense or is there a specific Enterprise Password Management / Vault tool you are asking about? And would this be for people or applications or both?
Posted: Tue Aug 05, 2014 11:34 am
by thanush9sep
Yes, we are using cyberark.
It is used for both people and application. In the case of peope it will be CheckOut ID (COID) that will rotate every week or some, and for application/DB NUID which might stay static.
There were come instance where NUID were used to login to protected envronment, now NUID have become really non interactive and to add additional security, client has gone towards password vault.
Other application are slowly trying to integrate with Password vault. It is mandate that Datastage follow the same principal.
Thats all I understand about Password Vault. I am trying to figure out, how MFT use Password Vault... May be I might get some tips from them as well
Posted: Wed Aug 06, 2014 7:45 am
by qt_ky
I have only used a personal password manager which encrypts a file of passwords.
I have seen certain situations in DataStage, such as when storing password values in parameter sets (type=encrypted, and it's not an environment variable), that require all dependent jobs to be recompiled upon making password changes.
Posted: Wed Aug 06, 2014 11:41 am
by FranklinE
We intend to use a script in batch to update the appid passwords stored as environment variables. For daily batch runs, we only reference the variable.
Posted: Thu Aug 21, 2014 9:23 am
by MrBlack
I don't have a solution but your post peeked my interest. I too use CyberArk. And CyberArk has the ability to integrate into many applications that when it changes in CyberArk, CyberArk will update the applications as well. Are you trying to have CyberArk update parameter sets values? If so that would really cool and would love to learn how to do it! Because then I can have CyberArk change a password and have it change the DB as well as Datastage.