MQMFT credentials file format

The MQMFTCredentials.xml file is new for WebSphere® MQ Managed File Transfer V7.5. It contains sensitive information previously held in separate properties files. The security of credentials files is the responsibility of the user.

The MQMFTCredentials.xml file must conform to the MQMFTCredentials.xsd schema. The MQMFTCredentials.xml schema document is located in the MQ_INSTALLATION_PATH/mqft/samples/schema directory of the WebSphere MQ Managed File Transfer installation.

Schema

The following schema describes which elements are valid in the MQMFTCredentials.xml file.

<?xml version="1.0" encoding="UTF-8"?>
  <!--
    @start_non_restricted_prolog@
    Version: %Z% %I% %W% %E% %U% [%H% %T%]

    Licensed Materials - Property of IBM

    5724-H72

    Copyright IBM Corp. 2012, 2024. All Rights Reserved.

    US Government Users Restricted Rights - Use, duplication or
    disclosure restricted by GSA ADP Schedule Contract with
	  IBM Corp.
    @end_non_restricted_prolog@
  -->

  <!--
    This schema defines the format of an MQMFTCredentials file. Files of this type
    store credential information for agent and logger processes. They can contain
    user names and passwords either in clear text or which have been obfuscated
    using the fteObfuscate command.
  -->

  <!-- Example MQMFTCredentials.xml file:

  <?xml version="1.0" encoding="UTF-8"?>
    <tns:mqmftCredentials xmlns:tns="http://wmqfte.ibm.com/MQMFTCredentials" 
      xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://wmqfte.ibm.com/MQMFTCredentials MQMFTCredentials.xsd">

      <tns:logger name="LOG1"   user="user1"            password="passw0rd"/>
      <tns:logger name="ORACLE" userCipher="kj2h3dfkgf" passwordCipher="la3n67eaer"/>
      <tns:file   path="home/emma/trust.jks"            password="passw0rd"/>
      <tns:file   path="/var/tmp/keystore.jks"          passwordCipher="e71vKCg2pf"/>

      <tns:qmgr   name="QM_COORD" user="tim" mqUserId="user1"  mqPassword="passw0rd"/>
      <tns:qmgr   name="QM_COORD" user="tom" mqUserId="user1"  mqPasswordCipher="e71vKCg2pf"/>>

    </tns:mqmftCredentials>
  -->     

<schema targetNamespace="http://wmqfte.ibm.com/MQMFTCredentials"
  elementFormDefault="qualified"
  xmlns="https://www.w3.org/2001/XMLSchema"
  xmlns:tns="http://wmqfte.ibm.com/MQMFTCredentials">

  <element name="mqmftCredentials" type="tns:mqmftCredentialsType"/>

  <complexType name="mqmftCredentialsType">
    <sequence>
      <choice minOccurs="0" maxOccurs="unbounded">
        <element name="logger" type="tns:loggerType"/> 
        <element name="file"   type="tns:fileType"/>

      </choice> 
    </sequence>
  </complexType>

  <complexType name="loggerType">
    <attribute name="name"           type="string" use="required"/>
    <attribute name="user"           type="string" use="optional"/>
    <attribute name="userCipher"     type="string" use="optional"/>
    <attribute name="password"       type="string" use="optional"/>
    <attribute name="passwordCipher" type="string" use="optional"/>
  </complexType>

  <complexType name="fileType">
    <attribute name="path"           type="string" use="required"/>
    <attribute name="password"       type="string" use="optional"/>
    <attribute name="passwordCipher" type="string" use="optional"/>
  </complexType>

  <!-- Example XML: 

  <tns:qmgr   name="QM_COORD" user="tim" mqUserId="user1"  mqPassword="passw0rd"/>
  <tns:qmgr   name="QM_COORD" user="tom" mqUserIdCipher="xh5U7812x"  mqPasswordCipher="e71vKCg2pf"/>
  <tns:qmgr   name="QM_COORD" mqUserId="defaultUser"  mqPassword="passw0rd"/>
-->

  <complexType name="mqUserPassType">
    <attribute name="name"             type="string" use="required"/>
    <attribute name="user"             type="string" use="optional"/>
    <attribute name="mqUserId"         type="string" use="optional"/>
    <attribute name="mqUserIdCipher"   type="string" use="optional"/>
    <attribute name="mqPassword"       type="string" use="optional"/>
    <attribute name="mqPasswordCipher" type="string" use="optional"/>
  </complexType>

</schema>

Understanding the MQMFTCredentials.xml file

The elements and attributes used in the MQMFTCredentials.xml file are described in the following list.

<mqmftCredentials>

The root element of the XML document.

<file>

The file in the transfer.

Attribute	Description
path	Path to the key or trust store file being accessed.
password	Password to access the file.

<logger>

The logger responsible for logging activity.

Attribute	Description
name	The name of the logger.
user	The user name the logger will use to connect to its database.
password	The password the logger will use to connect to its database.

Note: The MQMFTCredentials.xml file can contain sensitive information, so when it is created ensure that the file permissions are reviewed. When using a sandbox, set to it be excluded. For more information on sandboxes, see Working with agent sandboxes.