mqsicredentials command
Use the mqsicredentials command to encrypt credentials and store them in an IBM® App Connect Enterprise vault. These credentials can then be used by an integration node and its managed integration servers, an individual integration server, or any number of integration servers, to access secured resources.
Supported platforms
- Windows
- Linux®
- AIX®
Purpose
Use the mqsicredentials command to create, update, retrieve, or delete the security credentials for resources that can be used by an integration node and its managed integration servers, an individual integration server, or any number of integration servers. The credentials are stored in an encrypted form in an App Connect Enterprise vault.
Credential type | Resource requiring credentials for access |
---|---|
amazoncloudwatch | Amazon CloudWatch |
amazondynamodb | Amazon DynamoDB |
amazonec2 | Amazon EC2 |
amazoneventbridge | Amazon EventBridge |
amazonlambda | AWS Lambda |
amazonrds | Amazon RDS |
amazons3 | Amazon S3 |
amazonses | Amazon SES |
amazonsns | Amazon SNS |
amazonsqs | Amazon SQS |
anaplan | Anaplan |
asana | Asana |
azuread | Microsoft Entra ID |
azureblobstorage | Microsoft Azure Blob storage |
bamboohr | BambooHR |
box | Box |
calendly | Calendly |
cd | IBM Sterling Connect:Direct® server |
cdc | Change Data Capture |
cics | CICS® Transaction Server for z/OS® |
cloudantdb | IBM Cloudant® |
cmis | CMIS |
confluence | Confluence |
coupa | Coupa |
dropbox | Dropbox |
eis | External Enterprise Information System (EIS), such as SAP, Siebel, JD Edwards, or PeopleSoft |
elk | Elasticsearch, Logstash, and Kibana (ELK) server |
Email server | |
eventbrite | Eventbrite |
expensify | Expensify |
filenet | IBM FileNet Content Manager |
flexengage | flexEngage |
ftp | FTP server |
github | GitHub |
gitlab | GitLab |
gmail | Gmail |
googleanalytics | Google Analytics |
googlecalendar | Google Calendar |
googlechat | Google Chat |
googlebigquery | Google Cloud BigQuery |
googlecloudstorage | Google Cloud Storage |
googlecontacts | Google Contacts |
googledrive | Google Drive |
googlegroups | Google Groups |
googlepubsub | Google Cloud Pub/Sub |
googlesheet | Google Sheets |
googletasks | Google Tasks |
googletranslate | Google Translate |
greenhouse | Greenhouse |
http | SOAP and HTTP request nodes for static ID identity propagation when using basic authentication (basicAuth): SOAPRequest, SOAPAsyncRequest, HTTPRequest, and HTTPAsyncRequest nodes |
httpproxy | HTTP proxy server that requires a username and password |
hubspotcrm | HubSpot CRM |
hubspotmarketing | HubSpot Marketing |
ibmcoss3 | IBM Cloud Object Storage S3 |
ibmewm | IBM Engineering Workflow Management |
ibmopenpages | IBM OpenPages with Watson |
ibmsterlingiv | IBM Sterling Inventory Visibility |
ibmsterlingsci | IBM Supply Chain Intelligence Suite |
ibmtwc | IBM Weather Company Data Limited Edition |
ift | IBM Food Trust |
ims | IMS Connect server |
insightly | Insightly |
jdbc | JDBC type 4 connection |
jenkins | Jenkins |
jira | Jira |
jms | JMS resource |
jndi | JNDI resource |
kafka | Kafka cluster that requires a username and password |
kerberos | The Kerberos Key Distribution Center (KDC) |
keystore | Web user interface keystore password |
keystorekey | The key inside the keystore (for use when the key inside the keystore is protected by a password that is different from the password that is used to open the keystore) |
kronos | Ultimate Kronos Group (UKG) |
ldap | Lightweight Directory Access Protocol (LDAP) bind credentials |
local | Security profile when using an authentication type of 'Local' |
loopback | Loopback connector resource |
magento | Magento |
mailchimp | MailChimp |
marketo | Marketo |
maximo | IBM Maximo® |
mondaydotcom | monday.com |
mq | Secured IBM MQ queue manager |
mqtt | Secured MQTT server |
msad | Microsoft Active Directory |
msdynamicscrmrest | Microsoft Dynamics 365 for Sales |
msdynamicsfando | Microsoft Dynamics 365 for Finance and Operations |
msexcel | Microsoft Excel Online |
msexchange | Microsoft Exchange |
msonedrive | Microsoft OneDrive for Business |
msonenote | Microsoft OneNote |
mspowerbi | Microsoft Power BI |
mssharepoint | Microsoft SharePoint |
msteams | Microsoft Teams |
mstodo | Microsoft To Do |
odbc | ODBC data source name (DSN) that is accessed from a message flow |
odm | Operational Decision Manager (ODM) Rule Execution Server |
oracleebs | Oracle E-Business Suite |
oraclehcm | Oracle Human Capital Management |
rest | External REST API |
salesforce | Salesforce |
salesforceae | Salesforce Account Engagement |
salesforcemc | Salesforce Marketing Cloud |
sapariba | SAP Ariba |
sapodata | SAP OData |
sapsuccessfactors | SAP SuccessFactors |
servicenow | ServiceNow |
sfcommerceclouddata | Salesforce Commerce Cloud Digital Data |
sftp | Connection to an SFTP server |
shopify | Shopify |
slack | Slack |
smtp | Connection to an SMTP server |
snowflake | Snowflake |
soap | SOAP request and reply nodes for static ID identity propagation when using WS-Security while connecting to or replying from a web service (SOAPRequest, SOAPAsyncRequest, and SOAPReply nodes) |
square | Square |
surveymonkey | SurveyMonkey |
trello | Trello |
truststore | Integration server or integration node truststore |
truststorekey | The key inside the truststore (for use when the key inside the truststore is protected by a password that is different from the password that is used to open the truststore) |
twilio | Twilio |
watsondiscovery | IBM Watson Discovery |
wordpress | WordPress |
wsrr | WebSphere® Service Registry and Repository |
wufoo | Wufoo |
wxs | WebSphere eXtreme Scale grid |
yammer | Microsoft Viva Engage |
yapily | Yapily |
zendeskservice | Zendesk Service |
Syntax
Create or update credentials
Report
Delete
Set as default
Export / Import
Parameters
- --work-dir workpath
- (Optional) This parameter specifies the path to the work directory that is used by an independent integration server (not an integration server that is managed by an integration node). If you do not specify the --work-dir parameter, you must specify either the --ext-vault-dir, integrationNodeName, or --integration-connection-file parameter, or the --admin-host and --admin-port parameters.
- --ext-vault-dir externalDirectoryVaultPath
- (Optional) This parameter specifies the path to the directory that contains the external
directory vault, which can be shared by multiple integration servers. If you do not specify the
--ext-vault-dir parameter, you must specify either the
--work-dir, integrationNodeName, or
--integration-connection-file parameter, or the
--admin-host and --admin-port parameters.
You cannot set the --ext-vault-dir parameter in conjunction with the --set-as-default parameter.
- integrationNodeName
- (Optional) The name of the integration node that is associated with the resources for which the credentials are being created, updated, reported, or deleted. If you do not specify this parameter, you must specify either the --work-dir, --ext-vault-dir, or --integration-connection-file parameter, or the --admin-host and --admin-port parameters.
- --integration-connection-file fileName
- (Optional) This parameter specifies a file that contains connection information for an integration node or server. If you do not specify the --integration-connection-file parameter, you must specify either the integrationNodeName, --work-dir, or --ext-vault-dir parameter, or the --admin-host and --admin-port parameters.
- --admin-host hostname
- (Optional) This parameter specifies the hostname or IP address of the computer on which the integration node or integration server is running. If you do not specify the --admin-host and --admin-port parameters, you must specify either the integrationNodeName, --work-dir, --ext-vault-dir, or --integration-connection-file parameter.
- --admin-port port
- (Optional) This parameter specifies the port of the integration node or integration server. If you do not specify the --admin-host and --admin-port parameters, you must specify either the integrationNodeName, --work-dir, --ext-vault-dir, or --integration-connection-file parameter.
- --integration-server IntegrationServerName
- (Optional) Specify the name of the integration server that is associated with the resources for which the credentials are being created, updated, reported, or deleted. This parameter applies only to integration servers that are managed by an integration node. Alternatively, you can specify --all-integration-servers.
- --all-integration-servers
- (Optional) This parameter specifies that the command applies to all integration servers that are managed by the integration node. Alternatively, you can specify a named integration server (--integration-server IntegrationServerName). This parameter applies only to integration servers that are managed by an integration node.
- --create
- (Optional) Specify this parameter to create credentials in the vault, with the name
and type specified by the --credential-name and
--credential-type parameters.
If you do not specify this parameter, you must specify either --update, --report, --set-as-default, or --delete.
- --update
- (Optional) Specify this parameter to update the credentials that are specified by the
--credential-name and --credential-type parameters.
If you do not specify this parameter, you must specify either --create, --report, --set-as-default, or --delete.
- --report
- (Optional) Specify this parameter to show the reportable details of an existing
credential, as specified by the --credential-name and
--credential-type parameters.
If you do not specify this parameter, you must specify either --create, --update, --set-as-default, oror --delete.
- --delete
- (Optional) Specify this parameter to delete the specified credentials from the
vault.
If you do not specify this parameter, you must specify either --create, --update, --set-as-default, or --report.
- --set-as-default
- (Optional) Use this parameter to specify that the credential that is specified by the
--credential-name parameter is to be used as the default for the credential
type set by the --credential-type parameter. If you set this parameter, the
default credentials section of the integration server's server.conf.yaml file
is updated with the specified default; for example:
This credential is then used by default for the specified credential type (in this case,Defaults: Credentials: mq: 'mymqcredential'
mq
) when no credential name was specified.If you do not specify this parameter, you must specify either --create, --update, --delete, or --report.
You cannot set the --set-as-default parameter in conjunction with the --ext-vault-dir parameter.
- --export / import
- (Optional). Use --export to export the selected credential(s)
from the vault into a zip archive file. Use --import to import the selected
credential(s) from a zip archive file into the vault.
Credentials cannot be exported from the vault if the --vault-options no-export parameter was set when the vault containing the credentials was created (by the mqsivault command). For more information, see mqsivault command.
- --credential-name credentialName
- (Optional) The name of the credential.
- --credential-type credentialType
- (Optional) This parameter specifies the credential type, which relates to the type of resource
that is connected to by the integration server:
- amazoncloudwatch:
Specify this value to set credentials for authenticating a connection to Amazon CloudWatch.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon CloudWatch account.
- amazondynamodb:
Specify this value to set credentials for authenticating a connection to Amazon DynamoDB.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon DynamoDB account.
- amazonec2:
Specify this value to set credentials for authenticating a connection to Amazon EC2.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon EC2 account.
- amazoneventbridge:
Specify this value to set credentials for authenticating a connection to Amazon EventBridge.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon EventBridge account.
- amazonkinesis:
Specify this value to set credentials for authenticating a connection to Amazon Kinesis.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon Kinesis account.
- amazonlambda:
Specify this value to set credentials for authenticating a connection to AWS Lambda.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an AWS Lambda account.
- amazonrds:
Specify this value to set credentials for authenticating a connection to Amazon RDS.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon RDS account.
- amazons3:
Specify this value to set credentials for authenticating a connection to Amazon S3.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon S3 account.
- amazonses:
Specify this value to set credentials for authenticating a connection to Amazon SES.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon SES account.
- amazonsns:
Specify this value to set credentials for authenticating a connection to Amazon SNS.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon SNS account.
- amazonsqs:
Specify this value to set credentials for authenticating a connection to Amazon SQS.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to an Amazon SQS account.
- anaplan:
Specify this value to set credentials for authenticating a connection to Anaplan.
You can use the following parameters to specify the credentials for connecting to an Anaplan account:- --auth-type basic, --username userName, and --password password
- --auth-type oauth, --client-id clientIdentity, --client-secret clientSecret, --access-token accessToken, and --refresh-token refreshToken.
- asana:
Specify this value to set credentials for authenticating a connection to Asana.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to an Asana account.
- azuread:
Specify this value to set credentials for authenticating a connection to Microsoft Entra ID.
You can use the following parameters to specify the credentials for connecting to a Microsoft Entra ID account:- --auth-type basicClientId --username userName --password password --client-id clientIdentity and --client-secret clientSecret
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- azureblobstorage:
Specify this value to set credentials for authenticating a connection to Microsoft Azure Blob storage.
You can use the following parameters to specify the credentials for connecting to a Microsoft Azure Blob storage account:- --auth-type client --client-id clientIdentity and --client-secret clientSecret
- --auth-type apiKey and --api-key apiKey
- bamboohr:
Specify this value to set credentials for authenticating a connection to BambooHR.
You can use the --api-key apiKey parameter to specify the credentials for connecting to a BambooHR account.
- box:
Specify this value to set credentials for authenticating a connection to Box.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Box account.
- calendly:
Specify this value to set credentials for authenticating a connection to Calendly.
You can use the following parameters to specify the credentials for connecting to a Calendly account:- --auth-type apiKey and --api-key apiKey
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- cd:
Specify this value to set credentials for connecting an IBM Sterling Connect:Direct CDOutput node to its Connect:Direct server.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a Connect:Direct server.
- cdc:
Specify this value to set credentials for a Change Data Capture node.
You can use the --username userName and --password password parameters to specify the credentials for a Change Data Capture node.
- cics:
Specify this value to set credentials for connecting a CICSRequest node to a CICS Transaction Server for z/OS server.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a CICS Transaction Server for z/OS server. Password is optional.
- cloudantdb:
Specify this value to set credentials for authenticating a connection to IBM Cloudant.
You can use the --username userName --password password and --api-key apiKey parameters to specify the credentials for connecting to an IBM Cloudant account.
- cmis:
Specify this value to set credentials for authenticating a connection to CMIS.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a CMIS account.
- confluence:
Specify this value to set credentials for authenticating a connection to Confluence.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a Confluence account.
- coupa:
Specify this value to set credentials for authenticating a connection to Coupa.
You can use the --api-key apiKey parameter to specify the credentials for connecting to a Coupa account.
- docusign:
Specify this value to set credentials for authenticating a connection to DocuSign.
You can use the following parameters to specify the credentials for connecting to a DocuSign account:- --auth-type basicRSA --username userName --api-key apiKey --private-key privateKey
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken
- dropbox:
Specify this value to set credentials for authenticating a connection to Dropbox.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Dropbox account.
- eis:
Specify this value to set credentials for connecting to an external Enterprise Information System (EIS), such as SAP, Siebel, JD Edwards, or PeopleSoft.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an EIS.
- elk:
Specify this value to set credentials for connecting to an Elasticsearch, Logstash, and Kibana (ELK) server.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an ELK server.
- email:
Specify this value to set credentials for connecting to an email server.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an email server.
Alternatively, if you are using OAuth, use the --client-id EmailId and --access-token accessToken parameters to specify the credentials for connecting to an email server.
- eventbrite:
Specify this value to set credentials for authenticating a connection to Eventbrite.
You can use the --access-token accessToken parameter to specify the credentials for connecting to an Eventbrite account.
- expensify:
Specify this value to set credentials for authenticating a connection to Expensify.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an Expensify account.
- filenet:
Specify this value to set credentials for authenticating a connection to IBM FileNet Content Manager.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an IBM FileNet Content Manager account.
- flexengage:
Specify this value to set credentials for authenticating a connection to flexEngage.
You can use the --client-id clientIdentity and --client-secret clientSecret parameters to specify the credentials for connecting to a flexEngage account.
- ftp:
Specify this value to set credentials for connecting to an FTP server.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an FTP server.
- github:
Specify this value to set credentials for authenticating a connection to GitHub.
You can use the following parameters to specify the credentials for connecting to a GitHub account:- --auth-type privateKey and --private-key privateKey
- --auth-type accessKeyId and --access-key-id accessKeyId
- gitlab:
Specify this value to set credentials for authenticating a connection to GitLab.
You can use the following parameters to specify the credentials for connecting to a GitLab account:- --auth-type accessToken and --access-token accessToken
- --auth-type basicClientId --user-name userName password password --client-id clientId --client-secret clientSecret
- gmail:
Specify this value to set credentials for authenticating a connection to Gmail.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Gmail account.
- googleanalytics:
Specify this value to set credentials for authenticating a connection to Google Analytics.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Google Analytics account.
- googlebigquery:
Specify this value to set credentials for authenticating a connection to Google Cloud BigQuery.
You can use the --private-key privateKey and --client-email clientEmail parameters to specify the credentials for connecting to a Google Cloud BigQuery account.
- googlecalendar:
Specify this value to set credentials for authenticating a connection to Google Calendar.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Google Calendar account.
- googlechat:
Specify this value to set credentials for authenticating a connection to Google Chat.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Google Chat account.
- googlecloudstorage:
Specify this value to set credentials for authenticating a connection to Google Cloud Storage.
You can use the --secret-access-key secretAccessKey and --access-key-id accessKeyID parameters to specify the credentials for connecting to a Google Cloud Storage account.
- googlecontacts:
Specify this value to set credentials for authenticating a connection to Google Contacts.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Google Contacts account.
- googledrive:
Specify this value to set credentials for authenticating a connection to Google Drive.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Google Drive account.
- googlegroups:
Specify this value to set credentials for authenticating a connection to Google Groups.
You can use the following parameters to specify the credentials for connecting to a Google Groups account:- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken
- --auth-type apiClientEmailUsername --username userName --api-key apiKey --client-email clientEmail
- googlepubsub:
Specify this value to set credentials for authenticating a connection to Google Cloud Pub/Sub.
You can use the --private-key privateKey and --client-email clientEmail parameters to specify the credentials for connecting to a Google Cloud Pub/Sub account.
- googlesheet:
Specify this value to set credentials for authenticating a connection to Google Sheets.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Google Sheets account.
- googletasks:
Specify this value to set credentials for authenticating a connection to Google Tasks.
You can use the following parameters to specify the credentials for connecting to a Google Tasks account:- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken
- --auth-type apiClientEmailUsername --username userName --api-key apiKey --client-email clientEmail
- googletranslate:
Specify this value to set credentials for authenticating a connection to Google Translate.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Google Translate account.
- greenhouse:
Specify this value to set credentials for authenticating a connection to Greenhouse.
You can use the --api-key apiKey parameter to specify the credentials for connecting to a Greenhouse account.
- http:
Specify this value to set credentials for static ID identity propagation with SOAP or HTTP request nodes (SOAPRequest, SOAPAsyncRequest, HTTPRequest, and HTTPAsyncRequest nodes).
You can use the following parameters to specify the credentials for an HTTP connection:- --auth-type basic --username userName --password password
- --auth-type basicApiKey --username userName --password password --api-key apiKey
- --auth-type apiKey --api-key apiKey
You can use the --username userName and --password password parameters to specify the credentials for SOAP or HTTP request nodes.
Alternatively, you can use the --username userName, --password password, and --api-key apiKey parameters to specify the credentials for HTTPRequest and HTTPAyncRequest nodes.
- httpproxy:
Specify this parameter to set credentials for connecting to a secured HTTP proxy server.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an HTTP server.
- hubspotcrm:
Specify this value to set credentials for authenticating a connection to HubSpot CRM.
You can use the following parameters to specify the credentials for connecting to a HubSpot CRM account:- --auth-type privateKey --private-key privateKey
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken --refresh-token refreshToken
- hubspotmarketing:
Specify this value to set credentials for authenticating a connection to HubSpot Marketing.
You can use the following parameters to specify the credentials for connecting to a HubSpot Marketing account.
- --auth-type privateKey --private-key privateKey
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken --refresh-token refreshToken
- ibmcoss3:
Specify this value to set credentials for authenticating a connection to IBM Cloud Object Storage S3.
You can use the following parameters to specify the credentials for connecting to an IBM Cloud Object Storage S3 account:- --auth-type apiKey --api-key apiKey
- --auth-type secretAccessApiKey --api-key apiKey --secret-access-key secretAccessKey --access-key-id accessKeyId
- ibmewm:
Specify this value to set credentials for authenticating a connection to IBM Engineering Workflow Management.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an IBM Engineering Workflow Management account.
- ibmopenpages:
Specify this value to set credentials for authenticating a connection to IBM OpenPages with Watson.
You can use the following parameters to specify the credentials for connecting to an IBM OpenPages with Watson account:- --auth-type basic --username userName and --password password
- --auth-type publicPrivateKeyPair --private-key privateKey and --public-key publicKey
- ibmsterlingiv:
Specify this value to set credentials for authenticating a connection to IBM Sterling Inventory Visibility.
You can use the --client-id clientIdentity and --client-secret clientSecret parameters to specify the credentials for connecting to an IBM Sterling Inventory Visibility account.
- ibmsterlingsci:
Specify this value to set credentials for authenticating a connection to IBM Supply Chain Intelligence Suite.
You can use the following parameters to specify the credentials for connecting to an IBM Supply Chain Intelligence Suite account:- --auth-type clientUsername --user-name userName password password --client-id clientId
- --auth-type apiClientId --api-key apiKey --client-id clientId
- ibmtwc:
Specify this value to set credentials for authenticating a connection to IBM Weather Company Data Limited Edition.
You can use the --api-key apiKey parameter to specify the credentials for connecting to an IBM Weather Company Data Limited Edition account.
- ift:
Specify this value to set credentials for authenticating a connection to IBM Food Trust.
You can use the --api-key apiKey and --client-id clientId parameters to specify the credentials for connecting to an IBM Food Trust account.
- ims:
Specify this value to set credentials for connecting from an IMSRequest node to the IMS server.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an IMS server.
- jdbc:
Specify this value to set credentials for a JDBC type 4 connection.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a JDBC resource.
- jenkins:
Specify this value to set credentials for authenticating a connection to Jenkins.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a Jenkins account.
- jira:
Specify this value to set credentials for authenticating a connection to Jira.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a Jira account.
- jms:
Specify this value to set credentials for connecting to JMS resource.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a JMS resource.
- jndi:
Specify this value to set credentials for connecting to a JNDI resource.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a JNDI resource.
- kafka:
Specify this value to set credentials for connecting to a secured Kafka cluster.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a Kafka cluster.
- kerberos:
Specify this value to set credentials for connecting to the Kerberos Key Distribution Center (KDC).
You can use the --username userName and --password password parameters to specify the credentials for connecting to a Kerberos KDC.
- keystore:
Specify this value to set credentials for opening the web user interface keystore.
You can use the --password password parameter to specify the credentials for opening the web user interface keystore.
- keystorekey:
Specify this value to set credentials for opening a key inside the web user interface keystore.
You can use the --password password parameter to specify the credentials for opening the key inside the keystore (for use when the key inside the keystore is protected by a password that is different from the password that is used to open the keystore).
- kronos:
Specify this value to set credentials for authenticating a connection to UKG (Ultimate Kronos Group).
You can use the --username userName --password password --api-key apiKey --client-id clientIdentity and --client-secret clientSecret parameters to specify the credentials for connecting to a UKG account.
- ldap:
Specify this value to set Lightweight Directory Access Protocol (LDAP) bind credentials.
You can use the --username userName and --password password parameters to specify the credentials for binding to an LDAP server.
- local
Specify this value when using a security profile with an authentication type of 'Local' to authenticate against a set of stored static credentials. You can use the --username and --password parameters to specify the credentials to authenticate against.
If you need an input node in a message flow to authenticate against a locally stored credential, you can create a Security Profiles policy that uses locally stored credentials for authentication. For more information see, Configuring a message flow for identity propagation.
If you want a Request node or an Output node to use a locally stored credential, you must provide the identity that it can use to authenticate to the remote server. For more information see, Creating a security profile for using locally stored credentials.
- loopback:
Specify this value to set credentials for a connection that is made through a LoopBack® connector.
You can use the following parameters to specify the credentials for connecting through a LoopBack connector:- --auth-type basic, --username userName, and --password password
- --auth-type basicClientId --username userName --password password --client-id clientIdentity and --client-secret clientSecret
- magento:
Specify this value to set credentials for authenticating a connection to Magento.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a Magento account.
- mailchimp:
Specify this value to set credentials for authenticating a connection to MailChimp.
You can use the --access-token accessToken parameter to specify the credentials for connecting to a MailChimp account.
- marketo:
Specify this value to set credentials for authenticating a connection to Marketo.
You can use the --client-id clientIdentity and --client-secret clientSecret parameters to specify the credentials for connecting to a Marketo account.
- maximo:
Specify this value to set credentials for authenticating a connection to IBM Maximo.
You can use the following parameters to specify the credentials for connecting to an IBM Maximo account:- --auth-type basicWebsphere --username userName --password password --websphere-username websphereUserName and --websphere-password webspherePassword
- --auth-type apiKeyWebsphere --api-key apiKey --websphere-username websphereUserName and --websphere-password webspherePassword
- --auth-type basic --username userName and --password password
- --auth-type apiKey and --api-key apiKey
- mondaydotcom:
Specify this value to set credentials for authenticating a connection to monday.com.
You can use the --api-key apiKey parameter to specify the credentials for connecting to a monday.com account.
- mq:
Specify this value to set credentials for connecting to a secured IBM MQ queue manager.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an IBM MQ queue manager.
- mqtt:
Specify this value to set credentials for connecting to a secured external MQTT server, which the integration server uses to publish its event messages.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an external MQTT server.
- msad:
Specify this value to set credentials for authenticating a connection to Microsoft Active Directory.
You can use the --username userName and --password password parameters to specify the credentials for connecting to a Microsoft Active Directory account.
- msdynamicscrmrest:
Specify this value to set credentials for authenticating a connection to Microsoft Dynamics 365 for Sales.
You can use the following parameters to specify the credentials for connecting to a Microsoft Dynamics 365 for Sales account:- --auth-type basicClientId --username userName --password password --client-id clientIdentity and --client-secret clientSecret
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- msdynamicsfando:
Specify this value to set credentials for authenticating a connection to Microsoft Dynamics 365 for Finance and Operations.
You can use the --username userName --password password --client-id clientIdentity and --client-secret clientSecret parameters to specify the credentials for connecting to a Microsoft Dynamics 365 for Finance and Operations account.
- msexcel:
Specify this value to set credentials for authenticating a connection to Microsoft Excel Online.
You can use the following parameters to specify the credentials for connecting to a Microsoft Excel Online account:- --auth-type basicClientId --username userName --password password --client-id clientIdentity and --client-secret clientSecret
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- msexchange:
Specify this value to set credentials for authenticating a connection to Microsoft Exchange.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Microsoft Exchange account.
- msonedrive:
Specify this value to set credentials for authenticating a connection to Microsoft OneDrive for Business.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Microsoft OneDrive for Business account.
- msonenote:
Specify this value to set credentials for authenticating a connection to Microsoft OneNote.
You can use the following parameters to specify the credentials for connecting to a Microsoft OneNote account:- --auth-type basicClientId --username userName and --password password --client-id clientIdentity --client-secret clientSecret
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- mspowerbi:
Specify this value to set credentials for authenticating a connection to Microsoft Power BI.
You can use the following parameters to specify the credentials for connecting to a Microsoft Power BI account:- --auth-type basicClientId --username userName and --password password --client-id clientIdentity --client-secret clientSecret
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- --auth-type client --client-id clientIdentity --client-secret clientSecret
- mssharepoint:
Specify this value to set credentials for authenticating a connection to Microsoft SharePoint.
You can use the following parameters to specify the credentials for connecting to a Microsoft SharePoint account:- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- --auth-type basic --username userName and --password password
- msteams:
Specify this value to set credentials for authenticating a connection to Microsoft Teams.
You can use the --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken parameters to specify the credentials for connecting to a Microsoft Teams account.
- mstodo:
Specify this value to set credentials for authenticating a connection to Microsoft To Do.
You can use the following parameters to specify the credentials for connecting to a Microsoft To Do account:- --auth-type basicClientId --username userName and --password password --client-id clientIdentity --client-secret clientSecret
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- odbc:
Specify this value to set credentials for an Open Database Connectivity (ODBC) data source name (DSN) that is accessed from a message flow.
You can use the --username userName and --password password parameters to specify the credentials for accessing an ODBC DSN from a message flow.
- odm:
Specify this value to set credentials for an IBM Operational Decision Manager (ODM) Rule Execution Server that is accessed from a message flow by using an ODM Server policy.
You can use the --username userName and --password password parameters to specify the credentials for accessing an ODM Rule Execution Server from a message flow.
- oracleebs:
Specify this value to set credentials for authenticating a connection to Oracle E-Business Suite.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an Oracle E-Business Suite account.
- oraclehcm:
Specify this value to set credentials for authenticating a connection to Oracle Human Capital Management.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an Oracle Human Capital Management account.
- rest:
Specify this value to set credentials for authenticating a connection to an external REST API.
You can use the following parameters to specify the credentials for connecting to an external REST API:- --auth-type apiKey and --api-key apiKey
- --auth-type basic --username userName and --password password
- --auth-type basicApiKey --api-key apiKey --username userName and --password password
- salesforce:
Specify this value to set credentials for authenticating a connection to Salesforce.
You can use the following parameters to specify the credentials for accessing a Salesforce account:- --auth-type basicClientId --username userName --password password --client-id clientIdentity and --client-secret clientSecret
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- salesforceae:
Specify this value to set credentials for authenticating a connection to Salesforce Account Engagement.
You can use the following parameters to specify the credentials for connecting to a Salesforce Account Engagement account:- --auth-type basicClientId --username userName --password password --client-id clientIdentity and --client-secret clientSecret
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- salesforcemc:
Specify this value to set credentials for authenticating a connection to Salesforce Marketing Cloud.
You can use the following parameters to specify the credentials for accessing a Salesforce Marketing Cloud account:- --auth-type client --client-id clientIdentity and --client-secret clientSecret
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken and --refresh-token refreshToken.
- sapariba:
Specify this value to set credentials for authenticating a connection to SAP Ariba.
You can use the --username userName and --password password parameters to specify the credentials for connecting to SAP Ariba.
- sapodata:
Specify this value to set credentials for authenticating a connection to SAP OData.
You can use the --username userName and --password password parameters to specify the credentials for connecting to SAP OData.
- sapsuccessfactors:
Specify this value to set credentials for authenticating a connection to SAP SuccessFactors.
You can use the following parameters to specify the credentials for connecting to a SAP SuccessFactors account:- --auth-type basic --username userName --password password
- --auth-type accessClientKey --client-id clientIdentity --client-secret clientSecret and --access-key-id accessKeyId.
- servicenow:
Specify this value to set credentials for authenticating a connection to ServiceNow.
You can use the following parameters to specify the credentials for accessing a ServiceNow account:- --auth-type basic --username userName and --password password
- --auth-type basicClientId --username userName --password password --client-id clientIdentity and --client-secret clientSecret
- sfcommerceclouddata:
Specify this value to set credentials for authenticating a connection to Salesforce Commerce Cloud Digital Data.
You can use the --client-id clientIdentity and --client-secret clientSecret parameters to specify the credentials for connecting to Salesforce Commerce Cloud Digital Data.
- sftp:
Specify this value to set credentials for authenticating a connection to an SFTP server.
To access an SFTP server, you must specify either the --password password or --ssh-identity-file identityFile parameter, but not both. If you specify an identity file, you must also specify a passphrase by using the --passphrase parameter. If the identify file does not require a passphrase, you must supply an empty passphrase.
- shopify:
Specify this value to set credentials for authenticating a connection to Shopify.
You can use the following parameters to specify the credentials for connecting to a Shopify account:- --auth-type accessToken --access-token accessToken
- --auth-type clientAccessToken --client-id clientIdentity --client-secret clientSecret and --access-token accessToken.
- slack:
Specify this value to set credentials for authenticating a connection to Slack.
You can use the --access-token accessToken parameter to specify the credentials for connecting to Slack.
- smtp:
Specify this value to set credentials for authenticating a connection to an SMTP server.
You can use the --username userName and --password password parameters to specify the credentials for connecting to an SMTP server.
Alternatively, if you are using OAuth, use the --client-id EmailId and --access-token accessToken parameters to specify the credentials for connecting to an SMTP server.
- snowflake:
Specify this value to set credentials for authenticating a connection to Snowflake.
You can use the --username userName and --password password parameters to specify the credentials for connecting to Snowflake.
- soap:
Specify this value to set credentials for static ID identity propagation with SOAP request and reply nodes when using WS-Security while connecting to or replying from a web service (SOAPRequest, SOAPAsyncRequest, and SOAPReply nodes).
You can use the --username userName and --password password parameters to specify the credentials for these connections.
- square:
Specify this value to set credentials for authenticating a connection to Square.
You can use the following parameters to specify the credentials for connecting to a Square account.
- --auth-type apiKey --api-key apiKey
- --auth-type oauth --client-id clientIdentity --client-secret clientSecret --access-token accessToken --refresh-token refreshToken
- surveymonkey:
Specify this value to set credentials for authenticating a connection to SurveyMonkey.
You can use the --access-token accessToken parameter to specify the credentials for connecting to SurveyMonkey.
- trello:
Specify this value to set credentials for authenticating a connection to Trello.
You can use the --client-id clientIdentity and --access-token accessToken parameters to specify the credentials for connecting to Trello.
- truststore:
Specify this value to set credentials for connecting to an integration server truststore.
You can use the --password password parameter to specify the credentials for connecting to a truststore.
- truststorekey:
Specify this value to set credentials for opening a key inside the integration server truststore.
You can use the --password password parameter to specify the credentials for opening the key inside the truststore (for use when the key inside the truststore is protected by a password that is different from the password that is used to open the truststore).
- twilio:
Specify this value to set credentials for authenticating a connection to Twilio.
You can use the --username userName and --password password parameters to specify the credentials for connecting to Twilio.
- watsondiscovery:
Specify this value to set credentials for authenticating a connection to IBM Watson Discovery.
You can use the --username userName, --password password, and --api-key apiKey parameters to specify the credentials for connecting to an IBM Watson Discovery account.
- wordpress:
Specify this value to set credentials for authenticating a connection to WordPress.
You can use the --access-token accessToken parameter to specify the credentials for connecting to a WordPress account.
- wsrr:
Specify this value to set credentials for connecting to a WebSphere Service Registry and Repository
You can use the --username userName and --password password parameters to specify the credentials for accessing a WebSphere Service Registry and Repository.
- wufoo:
Specify this value to set credentials for authenticating a connection to Wufoo.
You can use the --api-key apiKey parameter to specify the credentials for connecting to a Wufoo account.
- wxs:
Specify this value to set credentials for connecting to a secure WebSphere eXtreme Scale grid.
You can use the --username userName and --password password parameters to specify the credentials for accessing a WebSphere eXtreme Scale grid.
- yammer:
Specify this value to set credentials for authenticating a connection to Microsoft Viva Engage.
You can use the --access-token accessToken parameter to specify the credentials for connecting to Microsoft Viva Engage.
- yapily:
Specify this value to set credentials for authenticating a connection to Yapily.
You can use the --api-key apiKey, --access-token accessToken, and --secret-access-key secretAccessKey parameters to specify the credentials for connecting to a Yapily account.
- zendeskservice:
Specify this value to set credentials for authenticating a connection to Zendesk Service.
You can use the following parameters to specify the credentials for accessing a Zendesk Service account:- --auth-type basicClientId --username userName --password password --client-id clientIdentity and --client-secret clientSecret
- --auth-type basic --username userName and --password password
- --auth-type accessToken and --access-token accessToken
- --auth-type usernameApiKey --username userName and --api-key apiKey
- amazoncloudwatch:
- --archive-location archiveLocation
- (Optional) The location of the zip archive file to be imported from or exported to.
- --archive-key archiveKey
- (Optional) The password required to access the --archive-location.
- --vault-key vaultKey
- (Optional) The vault key that is used to access the vault where the credential is stored. You can specify either the --vault-key, --ext-vault-key, or --vaultrc-location parameter, or you can set the MQSI_VAULT_KEY, MQSI_EXT_VAULT_KEY, or MQSI_VAULTRC_LOCATION environment variable. If you specify none of these, the .mqsivaultrc file is looked for in your HOME directory.
- --ext-vault-key externalDirectoryVaultKey
- (Optional) The vault key that is used to access the external directory vault where the credential is stored. You can specify either the --ext-vault-key, --vault-key, or --vaultrc-location parameter, or you can set the MQSI_EXT_VAULT_KEY, MQSI_VAULT_KEY, or MQSI_VAULTRC_LOCATION environment variable. If you specify none of these, the .mqsivaultrc file is looked for in your HOME directory.
- --vaultrc-location mqsivaultrc_file_location
- (Optional) The location of the .mqsivaultrc file that contains the vault key. You can specify either the --vaultrc-location, --vault-key, or --ext-vault-key parameter, or you can set the MQSI_VAULTRC_LOCATION, MQSI_VAULT_KEY, or MQSI_EXT_VAULT_KEY environment variable. If you specify none of these, the .mqsivaultrc file is looked for in your HOME directory.
- --username userId
- (Optional) The user ID to be associated with this resource.
- --password password
- (Optional) The password to be associated with this resource.
If you specify a password by using the --password parameter and the password includes characters that have special meaning to the command shell, you must use quotation marks around the password or escape the characters. Use single quotation marks on Linux and AIX systems. Use double quotation marks on Windows systems. For a full list of reserved characters, and the rules that are associated with those characters when you use quotation marks and escape characters, see the documentation that is supplied with the shell.
However, you can avoid the need to use quotation marks or to escape special characters if you omit to specify a password with the --password parameter. If you specify the parameter with no password, you are prompted to enter a password during the invocation of the command. The password that you specify after being prompted can include characters that have special meaning to the command shell with no need for you to use quotation marks or to escape these characters.
- --client-id clientIdentity
- This parameter specifies either of the following values:
- (Optional) The name of the consumer key of your Salesforce Connected App to be used for authentication with Salesforce systems
- (Optional) The name of the client ID of your connected LoopBack application to be used for authentication with LoopBack connectors
- --client-secret clientSecret
- This parameter specifies either of the following values:
- (Optional) The consumer secret of your Salesforce Connected App to be used for authentication with Salesforce systems.
- (Optional) The client secret of your connected LoopBack application to be used for authentication with LoopBack connectors.
- --api-key apiKey
- (Optional) The API key to be used for authentication with REST APIs. You can specify only a REST API key to be used for authentication, or you can specify a REST API key together with a user ID and password.
- --ssh-identity-file identityFile
- (Optional) The name of an identity file, in PEM format, to be used for authentication with SFTP in place of a password. You must specify either a password or an identity file, but not both. If you specify an identity file, you can also specify a passphrase with the --passphrase parameter.
- --passphrase passphrase
- (Optional) The passphrase that is used for authentication with SFTP. This parameter is valid only when the --ssh-identity-file parameter is also specified. The passphrase is used during decryption of the identity file.
- --trace traceFileName
- (Optional) This parameter writes debug trace information about the command to the specified output file.
Authorization
Ensure that the registry is secured to prevent unauthorized access.
Examples
The following examples show the setting of security credentials by using the mqsicredentials command:
ODBC Data source names
The following examples show the use of the mqsicredentials command to associate credentials for ODBC connections:
mqsicredentials myIntegrationNode1 --create --integration-server myIntegrationServer1
--credential-type odbc --credential-name myDSN1 --username user1 --password myPassword1
mqsicredentials myIntegrationNode1 --create --integration-server myIntegrationServer1 --vault-key
AAIAmAVaultKey
--credential-type odbc --credential-name myDSN1 --username user1 --password myPassword1
mqsicredentials myIntegrationNode1 --delete --integration-server myIntegrationServer1
--vault-key myVaultKey --credential-type odbc --credential-name myDSN1
You can delete the credentials only when the integration node is stopped, and you must specify a vault key.
LDAP servers
mqsicredentials myIntegrationNode1 --create --credential-type ldap --credential-name adminAuthentication
--password myPassword1
Salesforce servers
mqsicredentials -i localHost -p 4416 --all-integration-servers --create --credential-type salesforce
--credential-name mySF --username sfuser1 --password mysfpassword --client-id myclientid --client-secret myclientsecret
Authenticating incoming requests
You can use the local credentials for a configured alias name in the integration server's vault to authenticate incoming requests. For example:mqsicredentials --work-dir c:\mywrk\myaceworkdir --create --vault-key abcd1234 --credential-type local
--credential-name LocalCredentialsAlias --username SecUserName --password SecPwd
For more information about authenticating incoming requests, see Authenticating incoming requests by using credentials stored in the vault.