MFT credentials file format
The MQMFTCredentials.xml file contains sensitive user ID and password information. The elements in the MQMFTCredentials.xml file must conform to the MQMFTCredentials.xsd schema. The security of credentials files is the responsibility of the user.
The useMQCSPAuthentication parameter enables and disables MQCSP authentication for a Managed File Transfer agent. You can set this parameter in the MQMFTCredentials.xml file. For more information, see Enabling connection authentication for MFT.
![[MQ 9.2.0 Jul 2020]](ng920.gif)
From IBM® MQ 9.1.1, MQCSP authentication
is enabled by default for the MFT agents and
logger. If the useMQCSPAuthentication parameter is not specified, it is by
default set to true.
Before IBM MQ 9.1.1, compatibility mode is the default and if the useMQCSPAuthentication parameter is not specified, it is by default set to false.
![[z/OS]](ngzos.gif)
From IBM MQ 8.0, the
MQMFTCredentials.xsd file can also be a PDSE member on z/OS®.
Before IBM WebSphere® MQ 7.5 the information contained in the MQMFTCredentials.xml file was held in separate properties files.
The MQMFTCredentials.xml file must conform to the MQMFTCredentials.xsd schema. The MQMFTCredentials.xml schema document is located in the MQ_INSTALLATION_PATH/mqft/samples/schema directory of the Managed File Transfer installation.
Schema
The following schema describes which elements are valid in the MQMFTCredentials.xml file.
<?xml version="1.0" encoding="UTF-8"?>
<!--
@start_non_restricted_prolog@
Version: %Z% %I% %W% %E% %U% [%H% %T%]
Licensed Materials - Property of IBM
5724-H72
Copyright IBM Corp. 2012, 2025. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with
IBM Corp.
@end_non_restricted_prolog@
-->
<!--
This schema defines the format of an MQMFTCredentials file. Files of this type
store credential information for agent and logger processes. They can contain
user names and passwords either in clear text or which have been obfuscated
using the fteObfuscate command.
-->
<!-- Example mqmftCredentials.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<tns:mqmftCredentials xmlns:tns="http://wmqfte.ibm.com/MQMFTCredentials"
xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://wmqfte.ibm.com/MQMFTCredentials MQMFTCredentials.xsd">
<tns:logger name="LOG1" user="user1" password="passw0rd"/>
<tns:logger name="ORACLE" userCipher="kj2h3dfkgf" passwordCipher="la3n67eaer"/>
<tns:file path="/home/emma/trust.jks" password="passw0rd"/>
<tns:file path="/var/tmp/keystore.jks" passwordCipher="e71vKCg2pf"/>
<tns:qmgr name="QM_COORD" user="tim" mqUserId="user1" mqPassword="passw0rd"/>
<tns:qmgr name="QM_COORD" user="tom" mqUserId="user1" mqPasswordCipher="e71vKCg2pf"/>
<tns:qmgr name="QM_COORD" user="ernest" mqUserId="ernest" mqPassword="AveryL0ngPassw0rd2135" useMQCSPAuthentication="true"/>
</tns:mqmftCredentials>
-->
<schema targetNamespace="http://wmqfte.ibm.com/MQMFTCredentials"
elementFormDefault="qualified"
xmlns="https://www.w3.org/2001/XMLSchema"
xmlns:tns="http://wmqfte.ibm.com/MQMFTCredentials">
<element name="mqmftCredentials" type="tns:mqmftCredentialsType"/>
<complexType name="mqmftCredentialsType">
<sequence>
<choice minOccurs="0" maxOccurs="unbounded">
<element name="logger" type="tns:loggerType"/>
<element name="file" type="tns:fileType"/>
<element name="qmgr" type="tns:mqUserPassType"/>
</choice>
</sequence>
</complexType>
<complexType name="loggerType">
<attribute name="name" type="string" use="required"/>
<attribute name="user" type="string" use="optional"/>
<attribute name="userCipher" type="string" use="optional"/>
<attribute name="password" type="string" use="optional"/>
<attribute name="passwordCipher" type="string" use="optional"/>
</complexType>
<complexType name="fileType">
<attribute name="path" type="string" use="required"/>
<attribute name="password" type="string" use="optional"/>
<attribute name="passwordCipher" type="string" use="optional"/>
</complexType>
<!-- Example XML:
<tns:qmgr name="QM_COORD" user="tim" mqUserId="user1" mqPassword="passw0rd"/>
<tns:qmgr name="QM_COORD" user="tom" mqUserIdCipher="xh5U7812x" mqPasswordCipher="e71vKCg2pf"/>
<tns:qmgr name="QM_COORD" mqUserId="defaultUser" mqPassword="passw0rd"/>
<tns:qmgr name="QM_COORD" user="ernest" mqUserId="ernest" mqPassword="AveryL0ngPassw0rd2135" useMQCSPAuthentication="true"/>
-->
<complexType name="mqUserPassType">
<attribute name="name" type="string" use="required"/>
<attribute name="user" type="string" use="optional"/>
<attribute name="mqUserId" type="string" use="optional"/>
<attribute name="mqUserIdCipher" type="string" use="optional"/>
<attribute name="mqPassword" type="string" use="optional"/>
<attribute name="mqPasswordCipher" type="string" use="optional"/>
<attribute name="useMQCSPAuthentication" type="boolean" use="optional"/>
</complexType>
</schema>Understanding the MQMFTCredentials.xml file
The elements and attributes used in the MQMFTCredentials.xml file are described in the following list.- <mqmftCredentials>
- The root element of the XML document.
- <file>
- The file in the transfer.
Attribute Description path Path to the key or truststore file being accessed. password Password to access the file. - <logger>
- The logger responsible for logging activity.
Attribute Description name The name of the logger. user The user name the logger will use to connect to its database. password The password the logger will use to connect to its database. - <qmgr>
- The IBM MQ queue manager connection.
Attribute Description name The name of the associated IBM MQ queue manager. user Optional: The name of user requesting the connection. mqUserId or mqUserIdCipher The clear text user ID (mqUserId), or obfuscated text user ID (mqUserIdCipher) to supply to an IBM MQ queue manager. mqPassword or mqPasswordCipher The clear text password (mqPassword), or obfuscated text password (mqPasswordCipher) to supply to an IBM MQ queue manager.