runamscred: protect AMS keywords
The runamscred command protects passwords inside AMS configuration files.
There are two variants of this command:
- An MQI variant located in <IBM® MQ installation root>/bin
- A Java variant located in <IBM MQ installation root>/java/bin
When using runamscred to protect AMS keywords, use the same variant for the AMS client that is going to use the AMS keywords. For example, use the Java variant to protect Java keywords.
Purpose
The runamscred command uses the encryption key contained in the file,
indicated by one of four options. In order of priority, these are the:
- -sf parameter
- MQS_AMSCRED_KEYFILE environment variable
- amscred.keyfile parameter in the configuration file
- Default initial key file if none of the above options is specified.
Attention: You should not use the default initial key.
Syntax
Parameters
- -f config_file
- Required. Path to the keystore configuration file to protect
- -sp int
- Optional. Algorithm to use for protecting passwords. The value can be:
- 0
- Use the deprecated credentials protection method.
- 1
- The IBM MQ 9.2.0 password protection algorithm.
- 2
- Default: Use the more secure credentials protection method.
- -sf keyfile
- Optional. Path to a file containing the initial key.
- -h
- Optional. Displays command syntax.
Examples
To encrypt a password in the /home/alice/keystore.conf
configuration file using the new algorithm, and store it in the new format, issue the following
command:
runamscred -f /home/alice/keystore.conf
To encrypt a password in the /home/alice/keystore.conf
configuration file, using an initial key in the /etc/secure/alice_initial.key
file, together with the new algorithm, and store it in the new format, issue the following
command:
runamscred -sf /etc/secure/alice_initial.key -f /home/alice/keystore.conf
To encrypt a password in the C:\Users\alice\keystore.conf
configuration file using the new algorithm, and store it in the new format, issue the following
command:
runamscred -f C:\Users\alice\keystore.conf
To encrypt a password in the C:\Users\alice\keystore.conf
configuration file, using an initial key in the C:\secure\alice_initial.key
file, together with the new algorithm, and store it in the new format, issue the following
command:
runamscred -sf C:\secure\alice_initial.key -f C:\Users\alice\keystore.conf
Return codes
- 0
- Command completed successfully.
- 1
- Command ended unsuccessfully.