MQMFT credentials file format
The MQMFTCredentials.xml file is new for WebSphere® MQ Managed File Transfer V7.5. It contains sensitive information previously held in separate properties files. The security of credentials files is the responsibility of the user.
The MQMFTCredentials.xml file must conform to the MQMFTCredentials.xsd schema. The MQMFTCredentials.xml schema document is located in the MQ_INSTALLATION_PATH/mqft/samples/schema directory of the WebSphere MQ Managed File Transfer installation.
Schema
The following schema describes which elements are valid in the MQMFTCredentials.xml file.
<?xml version="1.0" encoding="UTF-8"?>
<!--
@start_non_restricted_prolog@
Version: %Z% %I% %W% %E% %U% [%H% %T%]
Licensed Materials - Property of IBM
5724-H72
Copyright IBM Corp. 2012, 2024. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with
IBM Corp.
@end_non_restricted_prolog@
-->
<!--
This schema defines the format of an MQMFTCredentials file. Files of this type
store credential information for agent and logger processes. They can contain
user names and passwords either in clear text or which have been obfuscated
using the fteObfuscate command.
-->
<!-- Example MQMFTCredentials.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<tns:mqmftCredentials xmlns:tns="http://wmqfte.ibm.com/MQMFTCredentials"
xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://wmqfte.ibm.com/MQMFTCredentials MQMFTCredentials.xsd">
<tns:logger name="LOG1" user="user1" password="passw0rd"/>
<tns:logger name="ORACLE" userCipher="kj2h3dfkgf" passwordCipher="la3n67eaer"/>
<tns:file path="home/emma/trust.jks" password="passw0rd"/>
<tns:file path="/var/tmp/keystore.jks" passwordCipher="e71vKCg2pf"/>
<tns:qmgr name="QM_COORD" user="tim" mqUserId="user1" mqPassword="passw0rd"/>
<tns:qmgr name="QM_COORD" user="tom" mqUserId="user1" mqPasswordCipher="e71vKCg2pf"/>>
</tns:mqmftCredentials>
-->
<schema targetNamespace="http://wmqfte.ibm.com/MQMFTCredentials"
elementFormDefault="qualified"
xmlns="https://www.w3.org/2001/XMLSchema"
xmlns:tns="http://wmqfte.ibm.com/MQMFTCredentials">
<element name="mqmftCredentials" type="tns:mqmftCredentialsType"/>
<complexType name="mqmftCredentialsType">
<sequence>
<choice minOccurs="0" maxOccurs="unbounded">
<element name="logger" type="tns:loggerType"/>
<element name="file" type="tns:fileType"/>
</choice>
</sequence>
</complexType>
<complexType name="loggerType">
<attribute name="name" type="string" use="required"/>
<attribute name="user" type="string" use="optional"/>
<attribute name="userCipher" type="string" use="optional"/>
<attribute name="password" type="string" use="optional"/>
<attribute name="passwordCipher" type="string" use="optional"/>
</complexType>
<complexType name="fileType">
<attribute name="path" type="string" use="required"/>
<attribute name="password" type="string" use="optional"/>
<attribute name="passwordCipher" type="string" use="optional"/>
</complexType>
<!-- Example XML:
<tns:qmgr name="QM_COORD" user="tim" mqUserId="user1" mqPassword="passw0rd"/>
<tns:qmgr name="QM_COORD" user="tom" mqUserIdCipher="xh5U7812x" mqPasswordCipher="e71vKCg2pf"/>
<tns:qmgr name="QM_COORD" mqUserId="defaultUser" mqPassword="passw0rd"/>
-->
<complexType name="mqUserPassType">
<attribute name="name" type="string" use="required"/>
<attribute name="user" type="string" use="optional"/>
<attribute name="mqUserId" type="string" use="optional"/>
<attribute name="mqUserIdCipher" type="string" use="optional"/>
<attribute name="mqPassword" type="string" use="optional"/>
<attribute name="mqPasswordCipher" type="string" use="optional"/>
</complexType>
</schema>
Understanding the MQMFTCredentials.xml file
The elements and attributes used in the MQMFTCredentials.xml file are described in the following list.- <mqmftCredentials>
- The root element of the XML document.
- <file>
- The file in the transfer.
Attribute Description path Path to the key or trust store file being accessed. password Password to access the file. - <logger>
- The logger responsible for logging activity.
Attribute Description name The name of the logger. user The user name the logger will use to connect to its database. password The password the logger will use to connect to its database.
Note: The MQMFTCredentials.xml file can contain
sensitive information, so when it is created ensure that the file permissions are reviewed.
When using a sandbox, set to it be excluded. For more information on sandboxes, see Working with agent sandboxes.