publishing to RAM from a jazz build engine ant script
i'm publishing to RAM using the ant tasks from within a jazz build engine. the build engine allows to to save the RTC password in a password file, but it seems like i have to pass the ram userid/password in the clear - is it possible somehow to obfuscate the ram password ?? ideally i'd like to be able to use the same password in the RTC passwordFile
6 answers
On 1/25/2012 5:38 PM, jkelly wrote:
userid and password but you would read these from your local password
file that is only accessible to the ANT process. Also make sure you use
HTTPS for your server connections. In that case the password is
protected when passed to the server. It is only in the "clear" inside
the ANT process itself and nowhere else.
--
Rich Kulp
Rational Asset Manager developer
i'm publishing to RAM using the ant tasks from within a jazz build
engine. the build engine allows to to save the RTC password in a
password file, but it seems like i have to pass the ram
userid/password in the clear - is it possible somehow to obfuscate
the ram password ?? ideally i'd like to be able to use the same
password in the RTC passwordFile
What makes you think it is in the clear? The ANT task requires the
userid and password but you would read these from your local password
file that is only accessible to the ANT process. Also make sure you use
HTTPS for your server connections. In that case the password is
protected when passed to the server. It is only in the "clear" inside
the ANT process itself and nowhere else.
--
Rich Kulp
Rational Asset Manager developer
On 1/25/2012 5:38 PM, jkelly wrote:
i'm publishing to RAM using the ant tasks from within a jazz build
engine. the build engine allows to to save the RTC password in a
password file, but it seems like i have to pass the ram
userid/password in the clear - is it possible somehow to obfuscate
the ram password ?? ideally i'd like to be able to use the same
password in the RTC passwordFile
What makes you think it is in the clear? The ANT task requires the
userid and password but you would read these from your local password
file that is only accessible to the ANT process. Also make sure you use
HTTPS for your server connections. In that case the password is
protected when passed to the server. It is only in the "clear" inside
the ANT process itself and nowhere else.
--
Rich Kulp
Rational Asset Manager developer
What I meant by "in the clear" is that a properties file is in a readable format, so can be inspected by anyone who has access to the build machine (few, but typically more than should know the password). Ideally ram:server would have a passwordFile attribute, so the whole end-to-end process could be consistently secure.
So all I was saying was I consider the RAM/Ant task method to be less secure than the facilities provided by RTC/Ant tasks. compare
<startBuildActivity activityIdProperty="${actId}" label="${actId}" buildResultUUID="${buildResultUUID}" repositoryAddress="${repositoryAddress}" autocomplete="true" userId="${userId}" passwordFile="${passwordFile}" />
with
<ram:server id="ramServer" username="${ram.user.id}" password="${ram.user.passwd}" url="${ram.url}" />
----------------------
It was in this context where i was looking for a solution which didn't mean leaving passwords in clear text on the build machine.
regards
John
Just an FYI in case others are also looking for more info on using ANT with RAM. I did a Youtube video tutorial series on this topic. http://rationalassetmanager.wordpress.com/2009/10/15/scripts-to-automate-asset-use-and-creation/
Carlos
Systems and Software Engineering Jumpstart
Carlos
Systems and Software Engineering Jumpstart
I assume the you can dynamically provide a "decryption" password to decrypt the properties files with the various passwords on them.
Consider http://www.jasypt.org/encrypting-configuration.html
There are many way to incorporate this in Ant e.g., the last append here: http://stackoverflow.com/questions/3423135/how-to-use-encrypted-password-in-apache-basicdatasource
Consider http://www.jasypt.org/encrypting-configuration.html
There are many way to incorporate this in Ant e.g., the last append here: http://stackoverflow.com/questions/3423135/how-to-use-encrypted-password-in-apache-basicdatasource
Just an FYI in case others are also looking for more info on using ANT with RAM. I did a Youtube video tutorial series on this topic. http://rationalassetmanager.wordpress.com/2009/10/15/scripts-to-automate-asset-use-and-creation/
Carlos
Systems and Software Engineering Jumpstart
Hi Carlos - Thanks for the link... wish I'd had that some days ago :-)
As it happens i've also written a blog entry on this "Simplifying publication to Rational Asset Manager using Ant's macrodef"
https://www.ibm.com/developerworks/mydeveloperworks/blogs/greenelk/entry/simplifying_publication_to_rational_asset_manager_using_ant_s_macrodef?lang=en
I assume the you can dynamically provide a "decryption" password to decrypt the properties files with the various passwords on them.
Consider http://www.jasypt.org/encrypting-configuration.html
There are many way to incorporate this in Ant e.g., the last append here: http://stackoverflow.com/questions/3423135/how-to-use-encrypted-password-in-apache-basicdatasource
thanks for that. In fact i ended up writing my own ant tasks to solve this
Comments
Colin Thorne
Jun 05 '14, 11:53 a.m.Is there a new answer to this for the latest versions of RAM? I have downloaded the ramclient.zip from a RAM 7.5.2 server and in the example scripts I see that you can specify a password file in the ant task. The example shows a passwordfile option being passed in a password element in a server task.
John Kelly
Jun 06 '14, 5:15 a.m.i wrote my own Secure Token Provider Ant Task to solve the issue. Have forwarded it to you...