mqsivault command

Use the mqsivault command to configure an IBM® App Connect Enterprise vault, which can be used by either an independent integration server or an integration node and the integration servers that it manages.

Supported platforms

Windows
Linux®
AIX®

Purpose

You can use the mqsivault command to create or destroy a vault, to change or verify a vault key, or to retrieve credentials from the vault. The vault stores the records in encrypted form. Credentials that are stored in the vault are used by an integration node or integration server to access secured resources from a message flow.

Each vault can be used by either an independent integration server or an integration node and the integration servers that it manages. Each independent integration server has its own vault, with its own vault key. Each integration node has its own vault, with its own vault key, which is shared by all the integration servers that it manages. Each integration server that is managed by an integration node has its own credentials stored in the vault, but all the credentials in the vault are accessed by the same vault key. For more information about storing credentials in the IBM App Connect Enterprise vault, see Configuring encrypted security credentials.

For information about creating, updating, retrieving, or deleting the security credentials, see mqsicredentials command.

Syntax

Create or destroy a vault

Change or verify a vault key

Retrieve vault credentials

Add, update, or delete a vault key in a .mqsivaultrc file

Add, update, or delete a default vault key in a .mqsivaultrc file

Parameters

--work-dir workpath: (Optional) This parameter specifies the work directory for the independent integration server to which the vault applies.
integrationNodeName: (Optional) This parameter specifies the name of the integration node to which the vault applies. If this parameter is specified, a single vault is created and shared by all integration servers that are managed by the specified integration node, and each integration server uses the same vault key to access the credentials that are stored in the vault.
--integration-connection-file fileName: (Optional) This parameter specifies a file containing connection parameters for an integration node or server. If you do not specify the --integration-connection-file parameter, you must specify either the integrationNodeName, the --admin-host and --admin-port parameters, or the --work-dir parameter.
--admin-host hostname: (Optional) This parameter specifies the hostname or IP address of the computer on which the integration node or integration server is running. If you do not specify the --admin-host and --admin-port parameters, you must specify either the integrationNodeName, --integration-connection-file, or --work-dir parameter.
--admin-port port: (Optional) This parameter specifies the port of the integration node or server. If you do not specify the --admin-host and --admin-port parameters, you must specify either the integrationNodeName, --integration-connection-file, or --work-dir parameter.
--create: (Optional) Specify this parameter to create a vault for the specified integration node or server.
--vault-key vaultKey: (Optional) This parameter specifies the vault key to be used for creating the vault. If the parameter value (vaultKey) is omitted, the user is prompted to enter it.
--change-vault-key: (Optional) Specify this parameter to change an existing vault key to a new one. If you specify this parameter, you must also specify the --old and --new parameters.
--old oldVaultKey: (Optional) This parameter specifies the current vault key, which is to be replaced by the new vault key specified by the --new parameter.
--new newVaultKey: (Optional) This parameter specifies the new vault key, which is to replace the current vault key specified by the --old parameter.
--destroy: (Optional) Specify this parameter to destroy the vault and all the data stored in it.
--verify-key: (Optional) Specify this parameter to verify that the supplied vault key is valid to use for accessing the vault.
--decode recordURI: (Optional) Specify this parameter to retrieve the named record from the vault and display it on the screen. For example, --decode credentials/jdbc/test_id.
--vaultrc-location: (Optional) This parameter specifies the location of the .mqsivaultrc file used to locate the vault key.
--vaultrc-store-key: (Optional) Specify this parameter to add or update a vault key for an integration node or server into a .mqsivaultrc file.
--vaultrc-remove-key: (Optional) Specify this parameter to remove a vault key for an integration node or server from a .mqsivaultrc file.
--vaultrc-store-default-key: (Optional) Specify this parameter to add or update a default vault key into a .mqsivaultrc file.
--vaultrc-remove-default-key: (Optional) Specify this parameter to remove the default vault key from a .mqsivaultrc file.
--trace traceFileName: (Optional) This parameter writes debug trace information about the command to the specified output file.