Re: How to encrypt machine agent and database agen... - Page 2 - Community

Sandeep.Chigullapally · ‎03-27-2018

Hello,

I am looking for an option to encrypt database agent and machine agent credentials in .xml. I tried doing it on .net agent and figured out that the encryption has to be done at installation time. Is there a way where we can encrypt account name & pwd? If yes, the do we need to install JRE on the servers for this encryption functionality?

Why I am asking this is, I installed machine agent with JRE bundle (which didnt asked me to install the JRE on the server) and now if encryption is possible then does it ask me to install JRE on the server? is this the same case for DB agent as a windows service?

Total environment is windows server 2012

Please advise.

Thanks

Sandeep

Michael.Palassis · ‎08-07-2018

yes...

$ java -jar ./lib/scs-api-1.0.0.jar generate_ks -filename testKeyStore -storepass teststorepass
no main manifest attribute, in ./lib/scs-api-1.0.0.jar

Michael.Palassis · ‎08-07-2018

it is there...

$ ls ./lib/scs-api-1.0.0.jar
./lib/scs-api-1.0.0.jar

if i specify the wrong path to the jar it would have an error like this:

$ java -jar ./wrongpath/scs-api-1.0.0.jar generate_ks -filename testKeyStore -storepass teststorepass
Error: Unable to access jarfile ./wrongpath/scs-api-1.0.0.jar

Sandeep.Chigullapally · ‎08-07-2018

Is there any other file part from "scs-api-1.0.0.jar"? something like 'scs-tool-1.0.0.jar"?

Sandeep.Chigullapally · ‎08-07-2018

I checked my scripts, "scs-api" didn't work for me. I used "scs-tool"

Michael.Palassis · ‎08-07-2018

Unfortunately the newer version of the dbagent does not include the '*scs-tool*' jar.

-mp

Sandeep.Chigullapally · ‎08-07-2018

Neither the old one. How to get it then?

1. Download the machine

2. Go Jre folder and dig deep into lib folder and look for scs-tool

3. copy and paste it in db agent /lib folder

Michael.Palassis · ‎08-07-2018

If you look at the AppD documentation it specifically says to use the api jar for the dbagent though...

https://docs.appdynamics.com/display/PRO45/Encrypt+Agent+Credentials#EncryptAgentCredentials-Initial...

Before you can encrypt or obfuscate passwords, you must run the secure credential store utility to create the keystore for your secret encryption key. The agent distribution includes the secure credential store utility in the following locations:

Java Agent: <javaagent_home>/verX.X.X.X/utils/scs/scs-tool.jar
Machine Agent: <machine_agent_home>/lib/secure-credential-store-api-1.3.0.0.jar
Database Agent: <database_agent_home>/lib/scs-api-1.0.0.jar

Sandeep.Chigullapally · ‎08-07-2018

*machine agent*

Sandeep.Chigullapally · ‎08-07-2018

Yes, but api wont work. I was around this issue for 3 days and after having a call with AppD engineer, he told us to use "scs-tool".

This will be same case for machine agent "secure-credential-store-tool-1.3.0.0.jar" as well as db agent "scs-tool-1.0.0.jar".

Using 'tool' instead of 'api' will cause no issues.

Sandeep.Chigullapally · ‎08-14-2018

Did it work? if yes, please share your answer, which might be helpful for community.

Thanks

Sandeep Chigullapally

Infrastructure (Server, Network, Database)

How to encrypt machine agent and database agent credentials?

How to encrypt machine agent and database agent credentials?