Infrastructure (Server, Network, Database)

cancel
Showing results for 
Search instead for 
Did you mean: 

How to encrypt machine agent and database agent credentials?

How to encrypt machine agent and database agent credentials?

Hello,

 

I am looking for an option to encrypt database agent and machine agent credentials in .xml. I tried doing it on .net agent and figured out that the encryption has to be done at installation time. Is there a way where we can encrypt account name & pwd? If yes, the do we need to install JRE on the servers for this encryption functionality?

 

Why I am asking this is, I installed machine agent with JRE bundle (which didnt asked me to install the JRE on the server) and now if encryption is possible then does it ask me to install JRE on the server? is this the same case for DB agent as a windows service?

 

Total environment is windows server 2012

 

Please advise.

 

Thanks

Sandeep

How to encrypt machine agent and database agent credentials?
19 REPLIES 19
Architect

Re: How to encrypt machine agent and database agent credentials?

Hi Sandeep,

 

Did you try the steps on the following link:

https://docs.appdynamics.com/display/PRO44/Encrypt+Agent+Credentials

 

https://docs.appdynamics.com/display/PRO44/Encrypt+Credentials+in+.NET+Agent+Configuration

 

The jars that provide the encryption are included in the agent bundle and for running a java agent or machine agent on a server, you need a jre either the one that comes with the agent or on the server but not both at the same time.

 

Thanks!

Re: How to encrypt machine agent and database agent credentials?

Thanks for the reply Gurmitsa,

 

1. Then what about db agent? it doesnot come with JRE bundle.

 

2. My main concern is that I am installing machine agents and db agets without installing JRE on server. I used same "jre" folder which comes in machine agent budle, copy and paste in database agent installation folder (refering to this offline lib. I installed the db agent), this worked. Now if I need to use encryption concept, running these "secure-credential-store-api-1.3.0.0.jar" and "scs-api-1.0.0.jar" without Java installed on the server is possible? I tried with offline jre libraries, it didn't work.

 

Thanks

Sandeep

Highlighted
Architect

Re: How to encrypt machine agent and database agent credentials?

What is the error you get?

Re: How to encrypt machine agent and database agent credentials?

this is the command I am trying to run

D:\machineagent-bundle-64bit-windows-4.4.2.742\jre\bin>java -jar D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar generate_ks -filename 'D:/Appdynamics/mysecretKeyStore' -storepass 'Welcome1' -plaintext 'Welcome2'

 

and this is the error:
no main manifest attribute, in D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar

Architect

Re: How to encrypt machine agent and database agent credentials?

You have the wrong command, (also the slash were incorrect)

You have to first run (i removed -plaintext argument, that is part of encrypt)

D:\machineagent-bundle-64bit-windows-4.4.2.742\jre\bin>java -jar D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar generate_ks -filename 'D:\Appdynamics\mysecretKeyStore' -storepass 'Welcome1'

 

Once the above is done, you run the encrupt as below

D:\machineagent-bundle-64bit-windows-4.4.2.742\jre\bin>java -jar D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar encrypt -filename 'D:\Appdynamics\mysecretKeyStore' -storepass 'Welcome1' -plaintext 'Welcome2'

Re: How to encrypt machine agent and database agent credentials?

Thanks for correcting the command. I thuought system would throw an error something like "path not recognized"; "path is incorrect" or something if "\" "/" was used wrongly.

 

It's still the same error executing the command

java -jar D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar generate_ks -filename 'D:\Appdynamics\mysecretKeyStore' -storepass 'Welcome1

 

attaching the screen shot.

New Poster

Re: How to encrypt machine agent and database agent credentials?

I am having the same issue where I get the "no main manifest attribute, in ./lib/scs-api-1.0.0.jar" error when trying to setup a keystore.  Did this get resolved?  Could you share the resolution?

 

Thanks,

michael

Re: How to encrypt machine agent and database agent credentials?

Yes! Are you using <database_agent_home>/lib/scs-api-1.0.0.jar?

Re: How to encrypt machine agent and database agent credentials?

Hi Michael,

 

Are you sure about having that file in the location? As far as I remember, there was no such file in /lib, I manually copied that file from machine agent java lib. to DB agent java /lib

 

Let me know

 

Thanks

Sandeep