pasUnity Credential Management

Written By Gary Fletcher

Blogs pasUNITY Products

This article shines a spotlight on the new Credential Management feature in pasUnity 4.32.0.0

Often times we build jobs where either the impeller or a job step need to have credentials hard-coded into them.  This is uncool for a number of reasons. 
  1. If credentials are used in multiple jobs or job steps and the data changes we need to make multiple edits.
  2. Anyone that can see the job code can see the credentials (unless of course we are using the handy Reveal macro implemented a couple months ago).
  3. Hard to know where the credentials are being used.
To combat this we have added a new node at both the system and agent levels.  When you click it you will see a UI like the one below that shows you a list of your credentials and lets you click on one to see a list of key/value pairs stored within the credential that can be accessed with the new Credential macro.



By default clicking on a credential gives you access to only the key names within it and a history of where it has been used (as shown below) and in what context.



The default view is create for job authors because they can see the credentials to know their names and they click on them to see what key value pairs are defined but unless they click Show Credential Details (which requires a certain set of permissions) they cannot see the value.  This is enough to write jobs without have to blur the line between developer and administrator.

Clicking Show Credential Details will show the values though and enable you to add new ones, edit existing ones, and delete unneeded values.



To use these values you write Credential macros.

Example 1:  You have defined a single credential object that represents business unit 101 to store all of your usernames and passwords as shown below:


To access the SUN user name write the following macro: <Credential|101|SUNUserName>
At run-time this will extract the value of the SUN user name from the credential and log that the 101 credential has been used.

Example 2: You have defined multiple credentials for a single business unit as shown below; one for each system that you need to access to ensure that the usages of the credentials are logged separately.


To access the SUN user name write the following macro: <Credential|101-SUN|UserName>
To access the FTP user name write the following macro: <Credential|101-FTP|UserName>
 
Example 3: You may only want to define credentials as overrides to a default value.  In the code below we dynamically extract a password if a credential exists and if it does not we use a default password.

<Credential|<Parameter|Property>-FTP|Password|default|false>

In this example the <Parameter|Property> resolves first and concatenates with –FTP (i.e. 101-FTP) used to lookup a credential.  If the credential is not found or does not have a password attribute the word default is returned.  The value of false on the end tells pasUNITY not to throw an exception if credential 101-FTP is not found.

When credentials are defined at both the agent and system levels with the exact same name the order of precedence during execution is to find an agent-scoped credential first and failing that to look at the system level.
 

Follow Us

2024-07-16 09:10:09
© 2003 - 2024 pasUNITY, Inc. | Terms Of Use | Privacy Statement