cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to encrypt machine agent and database agent credentials?

Hello,

 

I am looking for an option to encrypt database agent and machine agent credentials in .xml. I tried doing it on .net agent and figured out that the encryption has to be done at installation time. Is there a way where we can encrypt account name & pwd? If yes, the do we need to install JRE on the servers for this encryption functionality?

 

Why I am asking this is, I installed machine agent with JRE bundle (which didnt asked me to install the JRE on the server) and now if encryption is possible then does it ask me to install JRE on the server? is this the same case for DB agent as a windows service?

 

Total environment is windows server 2012

 

Please advise.

 

Thanks

Sandeep

19 REPLIES 19

yes...

$ java -jar ./lib/scs-api-1.0.0.jar generate_ks -filename testKeyStore -storepass teststorepass
no main manifest attribute, in ./lib/scs-api-1.0.0.jar

it is there...

 

$ ls ./lib/scs-api-1.0.0.jar
./lib/scs-api-1.0.0.jar

 

if i specify the wrong path to the jar it would have an error like this:

$ java -jar ./wrongpath/scs-api-1.0.0.jar generate_ks -filename testKeyStore -storepass teststorepass
Error: Unable to access jarfile ./wrongpath/scs-api-1.0.0.jar

Is there any other file part from "scs-api-1.0.0.jar"? something like 'scs-tool-1.0.0.jar"?

I checked my scripts, "scs-api" didn't work for me. I used "scs-tool"

Unfortunately the newer version of the dbagent does not include the '*scs-tool*' jar.

 

-mp

Neither the old one. How to get it then?

1. Download the machine

2. Go Jre folder and dig deep into lib folder and look for scs-tool

3. copy and paste it in db agent /lib folder

 

If you look at the AppD documentation it specifically says to use the api jar for the dbagent though...

 

https://docs.appdynamics.com/display/PRO45/Encrypt+Agent+Credentials#EncryptAgentCredentials-Initial...

 

Before you can encrypt or obfuscate passwords, you must run the secure credential store utility to create the keystore for your secret encryption key. The agent distribution includes the secure credential store utility in the following locations:

  • Java Agent: <javaagent_home>/verX.X.X.X/utils/scs/scs-tool.jar
  • Machine Agent: <machine_agent_home>/lib/secure-credential-store-api-1.3.0.0.jar
  • Database Agent: <database_agent_home>/lib/scs-api-1.0.0.jar

*machine agent*

Yes, but api wont work. I was around this issue for 3 days and after having a call with AppD engineer, he told us to use "scs-tool".

 

This will be same case for machine agent "secure-credential-store-tool-1.3.0.0.jar" as well as db agent "scs-tool-1.0.0.jar". 

 

Using 'tool' instead of 'api' will cause no issues.

Did it work? if yes, please share your answer, which might be helpful for community.

 

Thanks

Sandeep Chigullapally