Password Alias attribute for dcm:key and dcm:certificate elements

ibm-datapower / datapower-configuration-manager

IBM DataPower Configuration Manager and IBM UrbanCode plugin

https://developer.ibm.com/urbancode/plugin/websphere-datapower-configuration-manager/

46 stars 51 forks source link

Password Alias attribute for dcm:key and dcm:certificate elements #86

Open zfivgas opened 6 years ago

zfivgas commented 6 years ago

The dcm:certificate and dcm:key elements indicate a password attribute however that is deprecated. Is there password alias attribute that can be used?

nhmathis commented 6 years ago

Could you please further explain your error? Which targets are you expecting to use? I'm not seeing references to a deprecated password attribute.

richgroot commented 6 years ago

zfivgas - I don't believe that DCM has not yet been updated to handle password aliases. Anyone can submit a pull request, if you want to take a stab at it. Otherwise I'll see if I can get to it this week or next.

On Mon, Jan 29, 2018 at 7:55 AM, Nick Mathison notifications@github.com wrote:

Could you please further explain your error? Which targets are you expecting to use? I'm not seeing references to a deprecated password attribute.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ibm-datapower/datapower-configuration-manager/issues/86#issuecomment-361270122, or mute the thread https://github.com/notifications/unsubscribe-auth/ADuMmvbobXn2-L3uS3ZqHR7aWv7lhcSjks5tPdvMgaJpZM4RXDyw .

zfivgas commented 6 years ago

@nhmathis The use of passwords in certain objects like certificates and keys (http://www-01.ibm.com/support/docview.wss?uid=swg21702755) has been deprecated since v7.2.

http://www-01.ibm.com/support/docview.wss?uid=swg21634531#dr720

@richgroot I would probably do more harm than good trying to update the code. I am not in any rush as this will be an enhancement to some of our process automation. Thank you!

samdjones commented 4 years ago

This missing feature has also irritated me for quite some time and I'm quite sure it has lost DCM some users over the years.

That said, I wouldn't worry too much about using a deprecated DP feature in pre-production environments. So you are ok where you absolutely need deployments to be fully automated (e.g. CI/CD pipelines).

When it comes to production, you can minimize the pain by using the "objects-from-def" DCM task and a definition file with something like this:

enabled Blah blah blah ${my.password}

</dcm:object-create>`

Then post-deploy you will just need to manually use the UI to select the correct PasswordAlias for all your Key objects. Good enough for a handful of passwords; bad luck if you have dozens I'm afraid...