Configuring security credentials for an independent integration server in the server.conf.yaml file
You can configure an independent integration server to connect to secured resources by using credentials that are defined in the integration server's server.conf.yaml configuration file.
ServerCredentials:
odbc:
USERDB:
username: "user1"
password: "pass"
DATAFLOW:
username: "usr2"
password: "myLongPassword"
salesforce:
mysf1:
username: "aName"
password: "passw0rd"
clientId: "clientEye"
clientSecret: "worldsBiggestSecret"
jdbc:
db:
username: "myusername"
If you want to change the credentials when they have been set, you must update the properties in the server.conf.yaml file and then restart the integration server. The credentials are read when the integration server starts, and can be used by the message flows that are running on the integration server.
The credentials are accessible through the web user interface, the REST API, and the mqsicredentials command (when the integration server is running). The
credentialProvider field for credentials that are defined in this way is shown
as servercredentials
.
You can specify the following credential types and properties in the
ServerCredentials
section of the integration server's
server.conf.yaml file:
- cd:
Specify this type to set credentials for connecting an IBM® Sterling Connect:Direct® CDOutput node to its Connect:Direct server.
You can set the username and password properties for connecting to a Connect:Direct server.
- cics:
Specify this type to set credentials for connecting a CICSRequest node to a CICS® Transaction Server for z/OS® server.
You can set the username and password properties for connecting to a CICS Transaction Server for z/OS server. Password is optional.
- eis:
Specify this type to set credentials for connecting to an external Enterprise Information System (EIS), such as SAP, Siebel, JD Edwards, or PeopleSoft.
You can set the username and password properties for connecting to an EIS.
- email:
Specify this type to set credentials for connecting to an email server.
You can set the username and password properties for connecting to an email server.
- ftp:
Specify this type to set credentials for connecting to an FTP server.
You can set the username and password properties for connecting to an FTP server.
- http:
Specify this type to set credentials for static ID identity propagation with SOAP or HTTP request nodes when using basic authentication (basicAuth).
You can set the username and password properties for SOAP or HTTP request nodes (SOAPRequest, SOAPAsyncRequest, HTTPRequest, and HTTPAsyncRequest nodes).
- httpproxy:
Specify this type to set credentials for connecting to a secured HTTP proxy server.
You can set the username and password properties for connecting to an HTTP server.
- ims:
Specify this type to set credentials for connecting from an IMSRequest node to the IMS server.
You can set the username and password properties for connecting to an IMS server.
- jdbc:
Specify this type to set credentials for a JDBC type 4 connection.
You can set the username and password properties for connecting to a JDBC resource.
- jms:
Specify this type to set credentials for connecting to JMS resource.
You can set the username and password properties for connecting to a JMS resource.
- jndi:
Specify this type to set credentials for connecting to a JNDI resource.
You can set the username and password properties for connecting to a JNDI resource.
- kafka:
Specify this type to set credentials for connecting to a secured Kafka cluster.
You can set the username and password properties for connecting to a Kafka cluster.
- kerberos:
Specify this type to set credentials for connecting to the Kerberos Key Distribution Center (KDC).
You can set the username and password properties for connecting to a Kerberos KDC.
- keystore:
Specify this type to set credentials for opening the web user interface keystore.
You can set the password property for opening the web user interface keystore.
- keystorekey:
Specify this type to set credentials for opening a key inside the web user interface keystore.
You can set the password property for opening the key inside the keystore (for use when the key inside the keystore is protected by a password that is different from the password used to open the keystore).
- ldap:
Specify this type to set Lightweight Directory Access Protocol (LDAP) bind credentials.
You can set the username and password properties for binding to an LDAP server.
- loopback:
Specify this type to set credentials for a connection that is made through a LoopBack® connector.
You can set either the username and password or the username, password, clientId, and clientSecret properties for connecting through a LoopBack connector.
- mq:
Specify this type to set credentials for connecting to a secured IBM MQ queue manager.
You can set the username and password properties for connecting to an IBM MQ queue manager.
- mqtt:
Specify this type to set credentials for connecting to a secured external MQTT server, which the integration server uses to publish its event messages.
You can set the username and password properties for connecting to an external MQTT server.
- odbc:
Specify this type to set credentials for an Open Database Connectivity (ODBC) data source name (DSN) that is accessed from a message flow.
You can set the username and password properties for accessing an ODBC DSN from a message flow.
- odm:
Specify this type to set credentials for an Operational Decision Manager (ODM) Rule Execution Server that is accessed from a message flow.
You can set the username and password properties for accessing an ODM Rule Execution Server from a message flow.
- rest:
Specify this type to set credentials for authenticating a connection to an external REST API.
You can set the following properties for connecting to an external REST API:- apiKey
- username and password
- username, password, and apiKey
- salesforce:
Specify this type to set credentials for authenticating a connection to a Salesforce system.
You can set the username, password, clientId, and clientSecret properties for accessing a Salesforce system.
- sftp:
Specify this type to set credentials for authenticating a connection to an SFTP server.
To access an SFTP server, you must specify either the password or sshIdentityFile property, but not both. If you specify an identity file, you can also specify a passphrase with the passphrase property.
- smtp:
Specify this type to set credentials for authenticating a connection to an SMTP server.
You can set the username and password properties for connecting to an SMTP server.
- soap:
Specify this type to set credentials for static ID identity propagation with SOAP request and reply nodes when using WS-Security while connecting to or replying from a web service (SOAPRequest, SOAPAsyncRequest, and SOAPReply nodes).
You can set the username and password properties to specify the credentials for these connections.
- truststore:
Specify this type to set credentials for connecting to an integration server truststore.
You can set the password property for connecting to a truststore.
- truststorekey:
Specify this type to set credentials for opening a key inside the integration server truststore.
You can set the password property for opening the key inside the truststore (for use when the key inside the truststore is protected by a password that is different from the password used to open the truststore).
- wsrr:
Specify this type to set credentials for connecting to a WebSphere® Service Registry and Repository
You can set the username and password properties for accessing a WebSphere Service Registry and Repository.
- wxs:
Specify this type to set credentials for connecting to a secure WebSphere eXtreme Scale grid.
You can set the username and password properties for accessing a WebSphere eXtreme Scale grid.
For information about using an external credential provider for connecting to secured resources, see Configuring an integration server to use security credentials from an external source.
For more information about configuring an integration server, see Configuring an integration server by modifying the server.conf.yaml file.