Configuring Credential Manager for secure transfers that use Aspera NodeD Service (asperanoded)

To run processes that involve the asperanoded service, the transfer user must run as a system user. Credential Manager stores the necessary credentials for ascp or async transfers that use WebSocket, or for Node API calls that access the /ops/transfers endpoint.

Adding the system user credentials to Credential Manager allows the service user, svcAspera (by default) to create a login session for the transfer user by using the stored credentials.

Credential Manager

Add the system user credentials to Credential Manager on the same machine where HSTS is installed:

  1. Open a command prompt window and run the following commands:
    runas /user:svcAspera cmd.exe
    cmdkey /generic:xfer /user:xfer /pass:<password>

    svcAspera refers to the service account running either asperanoded or sshd, while xfer refers to the system user account used by the ascp transfer user.

    By running these commands, you instruct Windows to run command prompt as the system user svcAspera. After entering the password, another command prompt window opens, where you can run the transfers.

    To confirm that the command prompt is running as the system user, the title bar must display cmd.exe (running as xfer\svcAspera).

After this setup, transfers created with ascp and async that use WebSocket require entering credentials that are authenticated through Credential Manager, while transfers initiated by using the Node API endpoint /ops/transfers use securely stored credentials, eliminating the need to reenter them for each transfer.