Managing passwords in Stambia DI
A great number of technologies require a password-based authentication: database connections, file transfer protocols (FTP, SFTP, SCP), email servers, SSH servers, web services, etc.
This article provides information about how to handle passwords in the Stambia DI solution.
Do not store clear passwords in variables
Variable values can be consulted in the Session's logs, so it is not recommended to store clear password in variables.
There are many practical and secure ways do define passwords in Stambia DI, depending on the context.
Consider using a Metadata
Most technologies which can be manipulated in Stambia DI, have their own Metadata model.
It is generally a good idea to define authentication parameters (user and password) in a Metadata:
- Stambia DI will store them in a specific encrypted format
- Multiple Configurations can be defined with the credentials for each environment (dev, test, production...)
- At deployment time, these Metadata parameters can be redefined easily and securely
Note: if you cannot find the right Metadata for your technology, please contact the Support team.
When developing processes, simply drag and drop your Metadata on the desired Action. The Action will inherit the credentials from the Metadata.
Encrypt passwords
When you need to pass a password as a parameter to an action or a delivery, always use the encrypted value.
Use the Runtime command encrypt <clearpassword> to get the encrypted value:
> encrypt mypassword
456BF3056AE033C26DDBE5D4746AE78B
This value can be used in the "Encrypted Password" parameters of the action which requires it.
It can also be used in the Runtime's properties, when defining Log database credentials or Runtime security parameters.
