Configuring encrypted security credentials

You can configure integration nodes and integration servers to connect to secured resources by using credentials that are stored in encrypted form in an IBM® App Connect Enterprise vault.

You can configure security credentials by using the mqsicredentials command or the administration REST API, and you can view credentials by using the web user interface. The encrypted credentials are stored in a vault, which you can configure by using the mqsivault command, or by specifying a vault key on the mqsicreatebroker command.

Alternatively, you can use the mqsisetdbparms command to associate credentials with resources that are accessed by an integration server or an integration node. For more information, see mqsisetdbparms command.

Creating a vault by using the mqsivault command

Before you can store encrypted credentials for an integration node or integration server, you must configure an App Connect Enterprise vault. You create a separate vault, with its own vault key, for each independent integration server and for each integration node. The vault of an integration node is shared by all the integration servers that it manages: each managed integration server has its own credentials stored in the vault, but all the credentials in the vault are accessed by the same vault key.

You can use the mqsivault command to create or destroy a vault, to change or verify a vault key, or to retrieve credentials from the vault. The vault stores the credentials (in encrypted form), and the integration node or server uses them to access secured resources.

For more information about how to use the command, see mqsivault command.

Creating a vault by using the mqsicreatebroker command

If you create an integration node by running the mqsicreatebroker command, you can create a vault for that integration node by specifying either the --vault-key or --vaultrc-location parameter on the command. For more information about how to use the command, see mqsicreatebroker command.
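Because --vaultrc-location supplies the vault key from a file instead of the command line, that file is as sensitive as the key itself. The following check is an added example, not taken from the IBM documentation; it assumes the file stores the key as a vaultkey= line, and the function name, file name, and sample key are hypothetical.

```shell
#!/bin/sh
# Added example: audit a vault rc file before passing it to --vaultrc-location.
# Assumption: the file stores the key as a line of the form "vaultkey=<value>".

# check_vaultrc FILE
# Returns 0 if acceptable, 1 if the file is missing, 2 if group or others
# have any access, 3 if there is no non-empty vaultkey entry.
# The key value is never printed.
check_vaultrc() {
    rc_file=$1

    if [ ! -f "$rc_file" ]; then
        echo "FAIL: $rc_file is missing or not a regular file" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ldL -- "$rc_file" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "FAIL: $rc_file is accessible to group or others (chmod 600)" >&2
        return 2
    fi

    # Require a non-empty key; grep -q keeps the value out of any log.
    if ! grep -Eq '^vaultkey=.+' "$rc_file"; then
        echo "FAIL: $rc_file has no non-empty vaultkey= entry" >&2
        return 3
    fi

    echo "OK: $rc_file is owner-only and contains a vault key"
    return 0
}

# Demo on a constructed file (sample key, not a real one).
demo_dir=$(mktemp -d)
printf 'vaultkey=constructed-sample-key\n' > "$demo_dir/vaultrc"
chmod 644 "$demo_dir/vaultrc"
check_vaultrc "$demo_dir/vaultrc" || echo "rejected with exit code $?"
chmod 600 "$demo_dir/vaultrc"
check_vaultrc "$demo_dir/vaultrc"
rm -rf "$demo_dir"
```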

Configuring encrypted credentials by using the mqsicredentials command

You can use the mqsicredentials command to configure an integration node or integration server to use encrypted credentials for connecting to a secured resource.

You use the mqsicredentials command to create, update, report, and delete credentials for an independent integration server or for an integration node and the integration servers that it manages. You can use the command to create and report credentials when the integration server is running or stopped, but you must stop the integration server before you can update or delete credentials.

For information about how to use the command, see mqsicredentials command.

Creating and viewing credentials by using the administration REST API

You can use the IBM App Connect Enterprise administration REST API to create or report security credentials for an integration node or server. For information about using the administration REST API, see REST API for administering integration servers.

Viewing credentials by using the web user interface

You can use the IBM App Connect Enterprise web user interface to view credentials for an integration node or server.

To display information about a credential, start the web user interface, view the relevant integration server, and then click the tile for the credential that you want to view. The properties for that credential are displayed, including the user name, authentication type, credentials provider, whether the credential is read-only, and whether a password has been set. For information about how to start the web user interface, see Accessing the web user interface.