Did it work? if yes, please share your answer, which might be helpful for community.
Thanks
Sandeep Chigullapally
Yes, but api wont work. I was around this issue for 3 days and after having a call with AppD engineer, he told us to use "scs-tool".
This will be same case for machine agent "secure-credential-store-tool-1.3.0.0.jar" as well as db agent "scs-tool-1.0.0.jar".
Using 'tool' instead of 'api' will cause no issues.
*machine agent*
If you look at the AppD documentation it specifically says to use the api jar for the dbagent though...
https://docs.appdynamics.com/display/PRO45/Encrypt+Agent+Credentials#EncryptAgentCredentials-InitializetheSecureCredentialStore
Before you can encrypt or obfuscate passwords, you must run the secure credential store utility to create the keystore for your secret encryption key. The agent distribution includes the secure credential store utility in the following locations:
- Java Agent: <javaagent_home>/verX.X.X.X/utils/scs/scs-tool.jar
- Machine Agent: <machine_agent_home>/lib/secure-credential-store-api-1.3.0.0.jar
- Database Agent: <database_agent_home>/lib/scs-api-1.0.0.jar
Neither the old one. How to get it then?
1. Download the machine
2. Go Jre folder and dig deep into lib folder and look for scs-tool
3. copy and paste it in db agent /lib folder
Unfortunately the newer version of the dbagent does not include the '*scs-tool*' jar.
-mp
I checked my scripts, "scs-api" didn't work for me. I used "scs-tool"
Is there any other file part from "scs-api-1.0.0.jar"? something like 'scs-tool-1.0.0.jar"?
it is there...
$ ls ./lib/scs-api-1.0.0.jar
./lib/scs-api-1.0.0.jar
if i specify the wrong path to the jar it would have an error like this:
$ java -jar ./wrongpath/scs-api-1.0.0.jar generate_ks -filename testKeyStore -storepass teststorepass
Error: Unable to access jarfile ./wrongpath/scs-api-1.0.0.jar
yes...
$ java -jar ./lib/scs-api-1.0.0.jar generate_ks -filename testKeyStore -storepass teststorepass
no main manifest attribute, in ./lib/scs-api-1.0.0.jar
Hi Michael,
Are you sure about having that file in the location? As far as I remember, there was no such file in /lib, I manually copied that file from machine agent java lib. to DB agent java /lib
Let me know
Thanks
Sandeep
Yes! Are you using <database_agent_home>/lib/scs-api-1.0.0.jar?
I am having the same issue where I get the "no main manifest attribute, in ./lib/scs-api-1.0.0.jar" error when trying to setup a keystore. Did this get resolved? Could you share the resolution?
Thanks,
michael
Thanks for correcting the command. I thuought system would throw an error something like "path not recognized"; "path is incorrect" or something if "\" "/" was used wrongly.
It's still the same error executing the command
java -jar D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar generate_ks -filename 'D:\Appdynamics\mysecretKeyStore' -storepass 'Welcome1
attaching the screen shot.
You have the wrong command, (also the slash were incorrect)
You have to first run (i removed -plaintext argument, that is part of encrypt)
D:\machineagent-bundle-64bit-windows-4.4.2.742\jre\bin>java -jar D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar generate_ks -filename 'D:\Appdynamics\mysecretKeyStore' -storepass 'Welcome1'
Once the above is done, you run the encrupt as below
D:\machineagent-bundle-64bit-windows-4.4.2.742\jre\bin>java -jar D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar encrypt -filename 'D:\Appdynamics\mysecretKeyStore' -storepass 'Welcome1' -plaintext 'Welcome2'
this is the command I am trying to run
D:\machineagent-bundle-64bit-windows-4.4.2.742\jre\bin>java -jar D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar generate_ks -filename 'D:/Appdynamics/mysecretKeyStore' -storepass 'Welcome1' -plaintext 'Welcome2'
and this is the error:
no main manifest attribute, in D:\machineagent-bundle-64bit-windows-4.4.2.742\lib\secure-credential-store-api-1.3.0.0.jar
What is the error you get?
Thanks for the reply Gurmitsa,
1. Then what about db agent? it doesnot come with JRE bundle.
2. My main concern is that I am installing machine agents and db agets without installing JRE on server. I used same "jre" folder which comes in machine agent budle, copy and paste in database agent installation folder (refering to this offline lib. I installed the db agent), this worked. Now if I need to use encryption concept, running these "secure-credential-store-api-1.3.0.0.jar" and "scs-api-1.0.0.jar" without Java installed on the server is possible? I tried with offline jre libraries, it didn't work.
Thanks
Sandeep
Hi Sandeep,
Did you try the steps on the following link:
https://docs.appdynamics.com/display/PRO44/Encrypt+Agent+Credentials
https://docs.appdynamics.com/display/PRO44/Encrypt+Credentials+in+.NET+Agent+Configuration
The jars that provide the encryption are included in the agent bundle and for running a java agent or machine agent on a server, you need a jre either the one that comes with the agent or on the server but not both at the same time.
Thanks!
Hello,
I am looking for an option to encrypt database agent and machine agent credentials in .xml. I tried doing it on .net agent and figured out that the encryption has to be done at installation time. Is there a way where we can encrypt account name & pwd? If yes, the do we need to install JRE on the servers for this encryption functionality?
Why I am asking this is, I installed machine agent with JRE bundle (which didnt asked me to install the JRE on the server) and now if encryption is possible then does it ask me to install JRE on the server? is this the same case for DB agent as a windows service?
Total environment is windows server 2012
Please advise.
Thanks
Sandeep
