RTC command line interface - password encryption
Folks,
The documentation I've found so far is unclear and the forum searches provide answers that, while correct, are far too specific to provide a clear example of how password encryption works. So, the question is this.... How do I ... provide a userid/password one (1) time, ever, have it stored encrypted, and use it later for any script. To flip it around, I NEVER want to put a userid/password pair in clear text in ANY script. I am willing to create a cache, once (ever), ... but then want to always reference the cache from a script no matter how many times the script is run. The documentation and forum answers seem to hint that the first time a script is run, it must provide authentication in clear text and then subsequent commands can use the cache. |
4 answers
Hi Kevin,
Run "scm login" from a command prompt. "scm login" stores the credentials along with the repository url and repository id in a file named repositories.txt file which can be found under $HOME/.jazz-scm. These credentials (password is encrypted) will be maintained in the repositories.txt file until 'scm logout' command is run. So it would be available across different runs of your build script and hence you need not have to specify the credentials in your script. If your build script doesn't configure the CLI's configuration directory location (by setting the SCM_CONFIG_DIRECTORY environment variable or by specifying the --config command line option) then you can stop here else follow further. If your build script specifies the config directory location then copy the repositories.txt file found under $HOME/.jazz-scm to the config directory location specified in the build script. Hope this helps! Cheers, Sridevi RTC SCM CLI Comments The need is to have an offline PWD file ready (like we create using JBE build engine) and use this file to login to scm as well , otherwise it means during scm login command we must always type the password when executing a scm command the first time.
Is there a WorkItem enhancement for this or shall i submit one?
Updating as you have raised the enhancement request: https://jazz.net/jazz/web/projects/Rational%20Team%20Concert#action=com.ibm.team.workitem.viewWorkItem&id=295660 |
Hi Kevin, I believe the closest thing available at this time is explained in the following post which describes where the -c option on scm login stores the cached pwd.
https://jazz.net/forum/questions/65727/using-quotscm-loginquot-command-with-c-option-cache-pw At this time there isn't a way that I am aware of to store the login information to a file like the JBE does for continual re-use. |
This feature was added in RTC 6.0.3 in Provide a way to login using CLI by specifying password encrypted file and not the password itself (295660)
Per the help documentation (https://www.ibm.com/support/knowledgecenter/SSCP65_6.0.5/com.ibm.team.scm.doc/topics/login.html) :
-You would use 'scm login --generatePasswordFile <path_to_file>' to first generate the password file.
-Then once generated, this file can be re-used at any time using 'scm login --password-file <path_to_file>'.
Note: This password file is encrypted, and thus we do not allow users to create it by 'hand' (which would defeat the purpose of encoding it in the first place). |
