Using Encrypter password in Hyperion Scripts

Similar Messages

• Encrypting password in shell script on Solaris 10.

  Hi,
  I have a shell script & in that the username & password is specified. I can see the password. Is there any way to encrpyt password in Unix scripts on solaris 10 box.
  Please suggest.
  Thanks & Regards,
  Tejas

  Here are some examples of avoiding passwords in scripts.
  First, if it's a script that needs to use remote login, you could set up ssh keys in the authorized_keys file of the remote system to allow auto-authentication.
  As a more general example, you could create a shell function that prompts for the password and stores it in an environment variable to be used by the script or utility that you want to use. Here is an example that we use in our Red Hat systems to allow yum to tunnel through our http proxy:
  function yumproxy(){
      echo -n "Enter Proxy Username: "
      read -e username
      echo -n "Enter Proxy Password: "
      read -es password
      echo
      export http_proxy="http://$username:$password@ourproxyserver:8080/"
  }This is in .bashrc so that we can run it once just before running any yum commands (not that this means anything in a Solaris forum!)

• JMX - java -  how to connect on MBeans using encrypted password?

  Hi all,
  I am trying to write a java program which connect on weblogic JMX server:
  Map<String, String> jmxEnvMap = new HashMap<String, String>();
  jmxEnvMap.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES,
  "weblogic.management.remote");
  jmxEnvMap.put(javax.naming.Context.SECURITY_PRINCIPAL, username);
  jmxEnvMap.put(javax.naming.Context.SECURITY_CREDENTIALS, password); //
  -- How to use the encrypted password value (ex. {3DES}1HQGOlfHha4rhNlqEOvcOQ==) indeed of its clear text value?
  -- How to use userConfigFile/userKeyFile files to connect on the mbeans server?
  Cyryl

  Hi all,
  I am trying to write a java program which connect on weblogic JMX server:
  Map<String, String> jmxEnvMap = new HashMap<String, String>();
  jmxEnvMap.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES,
  "weblogic.management.remote");
  jmxEnvMap.put(javax.naming.Context.SECURITY_PRINCIPAL, username);
  jmxEnvMap.put(javax.naming.Context.SECURITY_CREDENTIALS, password); //
  -- How to use the encrypted password value (ex. {3DES}1HQGOlfHha4rhNlqEOvcOQ==) indeed of its clear text value?
  -- How to use userConfigFile/userKeyFile files to connect on the mbeans server?
  Cyryl

• How to use encoded password in shell script ?

  Hi everybody,
  For make a load file in oracle table, I'm using a LKM File to Oracle updatding with a sqlldr (shell script).
  My problem is very simple : For security reason in this shell-script , I don't want to see in clear the password of the Oracle user for database connection. Is it possible and how do it ?
  Thanks in advance

  Hi-
  Yes it is possible by the way of KM custamization, You need to modify LKM call sqlldr via jython step to pass the user info and password as variable instead of ODI method. Try this command in your KM step:
  userid=#GLOBAL.user/#GLOBAL.psw
  Hope this will work for you.
  Thanks,
  Saravanan Rajavel

• Encrypt Password Problem

  I am encrypting a password in my application. The problem I
  am having is that one of my encrypted passwords starts with a
  single quote. This is blowing up my SQL queries. Is there a way to
  force CF to only use alpha or numeric characters?

  I had a similar problem. I found that if I used
  <cfqueryparam> on the password parameter, when checking it
  against the encrypted value in the database, the error went away.
  Below is a sample of the logon verification query that I use in one
  of my applications where I use encrypted passwords.
  <cfquery name="Q1" DATASOURCE="#dbname#">
  SELECT admin_id, expire_date, access_level, enabled
  FROM admin
  WHERE LOWER(logon_name) = LOWER('#form.v_logon_name#')
  AND password = <cfqueryparam value =
  "#encrypt(form.v_password, cookie.pw_seed)#" CFSQLType =
  "CF_SQL_VARCHAR">
  </cfquery>
  Phil

• Powershell script monitor with encrypted password

  I have created a powershell script based monitor in my management pack and everything is ok but I can't get my credentials work inside the script. I want to open pssession to another computer with my credentials. I have triple checked that my pssession is
  working because I can access it from powershell console.
  This works perfectly at local server from PSconsole:
  $EncryptedPassword ="01000000d08c9ddf0115d1118c7a00c04fc297eb01000000534b2....etc...etc..."
  $pw = convertto-securestring -String $EncryptedPassword
  $cred = new-object System.Management.Automation.PSCredential -argumentlist "MyDOMAIN\MyACCOUNT",$pw
  $s = New-PSSession -ComputerName "MyServer" -Port MyPort -Credential $cred
  But when I run the same lines inside my management pack the convertto-securestring
  does nothing, it just wont convert the encrypted password to secure string!
  I have tried this plain text method and it works
  inside my management pack, but I don't want to use it because you can see the password in plain text:
  ConvertTo-SecureString -String "myPlainTextPassword" -AsPlainText -Force
  This is the $error variable, so it's basically says that I don't have anything in the password secure string variable because the convertion did not work for some reason:
  The argument is null. Provide a valid value for the argument, and then try running the command again. Cannot process argument transformation on parameter 'Credential'. PromptForCredential Exception calling ".ctor" with "2" argument(s):
  "Cannot process argument because the value of argument "password" is null. Change the value of argument "password" to a non-null value." The system cannot find the file specified. Exception calling "SecureStringToBSTR"
  with "1" argument(s): "Value cannot be null. Parameter name: s" The system cannot find the file specified. Exception calling "SecureStringToBSTR" with "1" argument(s): "Value cannot be null. Parameter name: s"
  The system cannot find the file specified. 
  So is there some known issue with SCOM Agent / management pack when you are dealing with convertto-securestring
  function with encrypted passwords?
  I used these methods to encrypt the password: Technet article about encryption

  I got it to work!
    <TypeDefinitions>
      <EntityTypes>
        <ClassTypes>
          <ClassType ID="MyClass" Accessibility="Public" Abstract="false" Base="Windows!Microsoft.Windows.LocalApplication" Hosted="true" Singleton="false" Extension="false"
  />
        </ClassTypes>
      </EntityTypes>
      <SecureReferences>
        <SecureReference ID="MyRunAsAccountProfile" Accessibility="Public" Context="System!System.Entity" />
      </SecureReferences>
  <ScriptBody>param (
    [string]$Username,
    [string]$Password
  $API = new-object -comObject "MOM.ScriptAPI" 
  $PropertyBag = $API.CreatePropertyBag()
  $cred = New-Object System.Management.Automation.PSCredential -Argumentlist @($Username,(ConvertTo-SecureString -String $Password -AsPlainText -Force))
  $s = New-PSSession -ComputerName "myserver" -Credential $cred
  Invoke-Command -Session $s -ScriptBlock { $service = Get-Service -Name Spooler}
  $invcom = Invoke-Command -Session $s -ScriptBlock { $service.status}
  Remove-PSSession -Id $s.Id
  if ($invcom.Value -ne "Running") {
  $PropertyBag.AddValue("State","ERROR") 
  $outputLongLine = "Spooler Service is not running on target server!" 
  $PropertyBag.AddValue("Description", $outputLongLine)
  else {
  $PropertyBag.AddValue("State","OK") 
  $outputLongLine = "Spooler is Running on target server."
  $PropertyBag.AddValue("Description", $outputLongLine) 
  $PropertyBag</ScriptBody>
  <Parameters>
  <Parameter>
  <Name>Username</Name>
   <Value>$RunAs[Name="MyRunAsAccountProfile"]/Domain$\$RunAs[Name="MyRunAsAccountProfile"]/UserName$</Value>
  </Parameter>
  <Parameter>
  <Name>Password</Name>
  <Value>$RunAs[Name="MyRunAsAccountProfile"]/Password$</Value>
  </Parameter>

• Encrypt sensitive passwords in shell script - Which one do you prefer ?

  Hi ,
  I am looking for various options to encrypt a sensitive password in a unix shell script. After a bit of googling, I learned about 'shc'.
  Can you please advice on what things you use for this purpose, if any ?
  My requirement / idea is
  A .sql file will have to be executed by a shell script in SQLPLUS as USER/XXXX . The .sql file will be prepared by developer and will be put to a directory to which their osuser - say 'user1' will have write access. I will have 'oracle' user in the server , who is the DBA user. I want them to run this SQL like, runthis.sh test.sql where runthis.sh is owned by oracle user and will reside in some directory owned by DBA user. I am planning to configure schema password (USER/XXXX) in runthis.sh , which a developer is not supposed to know.
  But if I give execute permission for 'user1' to runthis.sh, it becomes readable and all can read the password. Is there anyway , I can store encrypted password in SQLPLUS connect string in this file / encrypt shell script as such ?
  Thanks in Advance.
  With Regards,
  SSN

  The Oracle account should be identical to the O/S account, and set up as 'externally identified'
  But heck, why I am explaining it when it is all on your doorstep, accessible 7 x 24 hrs, at http://tahiti.oracle.com
  Sybrand Bakker
  Senior Oracle DBA

• How to encrypte password using form 6i?

  Dear all,
  How to encrypte password using form 6i?
  Best Regards,
  Amy
  Edited by: amychan60 on Sep 29, 2008 8:23 PM

  DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT packages provide APIs for data encryption.
  Note: 102902.1 - Encrypting Data using the DBMS_OBFUSCATION_TOOLKIT package
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=102902.1
  Note: 197400.1 - Example Code Encrypting Credit Card Numbers
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=197400.1
  Developing Applications Using Data Encryption
  http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/apdvncrp.htm

• Encrypted Password in AIAConfigurationProperties.xml

  Hi,
  During the installation of Primavera P6 to EBS Projects PIP, the Password is getting encrypted in the Service Configuration in AIAConfigurationProperties.xml. Is there any script that we can run so that we can avoid the encryption of the password there by having the flexibility to change the un-encrypted Password as and when required?
  <Property name="User.P6EPPM_01.Name">primavera</Property>
  <Property name="User.P6EPPM_01.pwd">Se8bfsuMJNvYmKB4mg9L3w==</Property>
  Your pointers will be highly appreciated!
  Regards,
  Chaitanya

  Try this:
  There's a script that can be used to re-encrypt a new password. If the cleartext password is, say, welcome1, do the following -
  - Go to AIA_HOME/Infrastructure/install/install/wlscripts/config
  - Run command: ./encrypt.sh welcome1
  This is useful for re-encrypting any of the passwords that are captured during installation in the deploy.properties file. I can't say for sure that it is the same encryption that is used for the P6 credentials, but it's worth a try.

• How to encrypt password in serverstopper class??

  Hi,
  I have configured the weblogic server as windows service and currently using boot identity file for username/pw to startup. To enable graceful shutdown of the server, i am using serverstopper class. But to facilitate changing of pw, i am reading the password from a property file in which the password is stored in plain text format. Is there a way to encrypt the password and configure serverstopper class to use the encrypted password or the serverstopper class can use boot identity file to shutdown? When i tried the serverstopper class without username/pw, i am not able to shutdown the service and getting anonymous user can't shutdown the service. Thanks in advance for your reply.
  Thanks,
  Kuppusamy.V.,

  Hi Kuppuswamy,
  Here is the simple "WLST interpreter script", I didn't have time so tried to keep java code as simple as possible(didn't follow good coding practices :-( ). Before executing this java program you need to generate keys. Below is the procedure for that.
  Assumption :-
  BEA_HOME :- /usr/VASVijay/bea10mp1
  WL_HOME :- BEA_HOME/wlserver_10.0
  1) Go to WL_HOME/server/bin and set the environment by executing "setWLSEnv.sh".
  2) Then execute below command which generate "userconfig" and "userkey" files in the directory you had execute this command
  java weblogic.Admin -adminurl t3://adminserverl:port -username <adminusername> -password <adminpassword> -userconfigfile userconfig -userkeyfile userkey -STOREUSERCONFIG
  This command prompts for "Y" or "N", select "Y", then creates two files "userconfig" and "userkey"
  3) Validate above keys are correct, execute below command
  java weblogic.Admin -adminurl t3://adminserverl:port -userconfigfile userconfig -userkeyfile userkey -GETSTATE
  Above command should display "RUNNING".
  4) Compile below java code and execute. Change the server name(VASMS1) in "shutdown('VASMS1','Server') according to your server name.
  import java.util.*;
  import weblogic.management.scripting.utils.WLSTInterpreter;
  import org.python.util.InteractiveInterpreter;
  public class VASServerShutdown
  static InteractiveInterpreter interpreter = null;
  VASServerShutdown()
  interpreter = new WLSTInterpreter();
  private static void connect()
  StringBuffer buffer = new StringBuffer();
  buffer.append("connect(userConfigFile='/usr/VASVijay/VASDomains/VASNewDomain/userconfig',userKeyFile='/usr/VASVijay/VASDomains/VAS
  NewDomain/userkey',url='t3://localhost:8001') \n");
  buffer.append("print(cmo)");
  interpreter.exec(buffer.toString());
  public static void serverShutdown()
  StringBuffer buffer = new StringBuffer();
  buffer.append("shutdown('VASMS1','Server')");
  interpreter.exec(buffer.toString());
  public static void main(String args[])
  new VASServerShutdown();
  connect();
  serverShutdown();
  Let me know if you have any issues or you require something additional.
  Thanks.
  Vijay Bheemineni.
  Edited by: VAS Vijay Bheemineni on Nov 3, 2009 9:18 PM

• How to hide user id and password in batch scripts

  Hi,
  Can some one help me to hide the user id and password in batch scripts that used to automate Export and Action script execution process.
  Context : In my project client doesn't want display user id and password hence they are looking for secured way to hide them.
  Thanks for your answer in advance.
  Regards,
  Sainath.

  Sainath,
  Referring admin guide as mentioned by Craig is good option.
  Let me give you few steps that I did in one of my projects.
  Open command prompt and navigate to the path "C:\Oracle\Middleware\EPMSystem11R1\products\DataRelationshipManagement\client\batch-client".. here you can see many see other utilities as well.
  drm-batch-client-credentials.exe is the one used to encrypt the userid and password.
  open this in command prompt and then choose the application to which you want to encrypt the password.
  then remove userid and password from batch script then run it... it does what you want

• SOA10g: Encrypt Password in oc4j-ra.xml file.

  I am using ftp adapter for SFTP operations. Is there any way to encrypt the password in oc4j-ra.xml file.
  I was trying to use encrypt.bat to encrypt the password..but when i hit the enter button , the screen gets closed.
  Pls tell me how to achieve this in soa 10g.
  Thanks,
  AB

  This is done via the 'encrypt.bat' or 'encrypt.sh' script located in your SOA Suite install.
  cd %ORACLE_HOME%\bpel\bin
  encrypt.bat mypassword
  Use the output of this command in your oc4j-ra.xml file.
  (Thank You Ahmed!! http://blog.thisisahmed.com/)

• Open An Encrypted, Password Protected Saprsebundle Disk Image With iPhone?

  Is it possible to open an encrypted, password protected sparsebundle disk image using an iPhone/iPad/iPod Touch that is stored on a NAS drive connected to an AirPort Extreme Base Station?
  If so, how do I do it?
  If not, would you be able to explain why not?
  Thanks, Alex

  Hi Robert,
  > Once you through a sudo in there, you lose the option
  to have a regular user
     That's not really true. Sudo is one of the most flexible commands around and not only can a regular user use it but they can use it without a password. Mind you I'm not suggesting that you make all users admins; you can specify both of these privileges for this command only. All you have to do is to put a line like the following in your /etc/sudoers file. (with sudo visudo of course)
  ALL ALL = NOPASSWD: /usr/bin/hdiutil create -encryption -certificate*-stdinpass -type SPARSE -fs "HFS+" -volname-size
  I've included wildcards so that the cert file, volume name, size and image are arbitrary but the others must be in the user's command to qualify. I realize that you'll want different options to use FileVault certs but I don't know how to do that so I used your original example as my example.
     Of course it wouldn't be that easy for your lusers to get all of those options correct so the next thing you do is to wrap the command, with it's sudo preface, in a shell script that parses the cert file, volume name, size and image from the options the user passes to the script and puts those into the command with the right syntax. If you want to get really fancy, the script could prompt the user for any arguments that were omitted. Your lusers will think that you created this really cool command and never know that sudo was involved.
  Gary
  ~~~~
     If you give a man enough rope, he'll claim he's tied up
     at the office.

• APEXExport Utility - Encrypt Password?

  Hi,
  I was wondering if there's a way to encrypt the password for the APEXExport utility? The utility works very nicely, but due to security purposes, I can't have the unencrypted password sitting there. I wanted to schedule it to run daily as a job, but the password would be an issue on the server.
  Thanks,
  Nora

  If you've licensed the Advanced Security Option for the database, you can use the Oracle Wallet Manager to store encrypted passwords for use with batch utilities and shell scripts.
  Tyler

• Encryption Password

  Dear all,
  I have the shell script which will inovke the SQL statement to run on the XYZ schema, to run SQL we need to connect to the Database Schema, to connect to the Database we need to pass user id and password as argument along with shell script execution.
  My Question is When I execute the shell script we dont want parameterise the password or not to hard code, kindly let us know how to run the schell script without passing password and without hardcoding the password.

  You have more than one option to do this ;
  Option 1 : i need to check from your database version
  Option 2 :
  - save your password in the file .
  -Use crypt Command in linux
  -In your script :
  export ORACLE_PW=$(crypt `hostname` < encrypted.pwd)
  in your script you could use -- > sqlplus -L ${ORACLE_USER}/${ORACLE_PW}@${ORACLE_SID}