[MQ 9.2.0 Jul 2020][MQ 9.2.0 Jul 2020]

runamscred: protect AMS keywords

The runamscred command protects passwords inside AMS configuration files.

[MQ 9.2.2 Mar 2021]There are two variants of this command:
  • An MQI variant located in <IBM® MQ installation root>/bin
  • A Java variant located in <IBM MQ installation root>/java/bin

[MQ 9.2.2 Mar 2021]When using runamscred to protect AMS keywords, use the same variant for the AMS client that is going to use the AMS keywords. For example, use the Java variant to protect Java keywords.

Purpose

The runamscred command uses the encryption key contained in the file, indicated by one of four options. In order of priority, these are the:
  1. -sf parameter
  2. MQS_AMSCRED_KEYFILE environment variable
  3. amscred.keyfile parameter in the configuration file
  4. Default initial key file if none of the above options is specified.
[MQ 9.2.2 Mar 2021]Attention: You should not use the default initial key.

Syntax

runamscred

Read syntax diagramSkip visual syntax diagramrunamscred-f config_file -sp int-sfkey file-h

Parameters

-f config_file
Required. Path to the keystore configuration file to protect
-sp int
Optional. Algorithm to use for protecting passwords. The value can be:
0
Use the deprecated credentials protection method.
[MQ 9.2.2 Mar 2021]Not applicable for MQI clients
1
[MQ 9.2.2 Mar 2021]The IBM MQ 9.2.0 password protection algorithm.
[MQ 9.2.2 Mar 2021]2
Default: Use the more secure credentials protection method.
-sf keyfile
Optional. Path to a file containing the initial key.
-h
Optional. Displays command syntax.

Examples

[AIX][Linux]To encrypt a password in the /home/alice/keystore.conf configuration file using the new algorithm, and store it in the new format, issue the following command:
runamscred -f /home/alice/keystore.conf
[AIX][Linux]To encrypt a password in the /home/alice/keystore.conf configuration file, using an initial key in the /etc/secure/alice_initial.key file, together with the new algorithm, and store it in the new format, issue the following command:
runamscred -sf /etc/secure/alice_initial.key -f /home/alice/keystore.conf
[Windows]To encrypt a password in the C:\Users\alice\keystore.conf configuration file using the new algorithm, and store it in the new format, issue the following command:
runamscred -f C:\Users\alice\keystore.conf
[Windows]To encrypt a password in the C:\Users\alice\keystore.conf configuration file, using an initial key in the C:\secure\alice_initial.key file, together with the new algorithm, and store it in the new format, issue the following command:
runamscred -sf C:\secure\alice_initial.key -f C:\Users\alice\keystore.conf

Return codes

0
Command completed successfully.
1
Command ended unsuccessfully.