Versions Compared

Old Version 16

changes.mady.by.user Fenyvesi, Gabor

Saved on

compared with

New Version 17

changes.mady.by.user Fenyvesi, Gabor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Status
colourGreen
titleAVAILABLE IN 9.8.0 AND LATER

In a VFC system, numerous entities exist containing credential-type data. The endpoints covered in this article allow changing the credentials programmatically. With the following functionality, a custom integrator application can be implemented to rotate passwords of the different entities from a common password vault solution. With this approach, common technical accounts' password leakage or sharing can be prevented. This article introduces how these credentials can be managed via the v1 REST API in the following sections.

...

For the applications that manage credentials in the system, the following actions are required:

...

The non-sensitive data change can be validated with the previous response, which contains the whole entity object with the new modified values. The sensitive information can be verified with the following request. Due to a Storage Target entities can have different types with different object properties, for password verification, the verified property name has to be passed with the checked plain password too.

...

The non-sensitive data change can be validated with the previous response, which contains the whole entity object with the new modified values. The sensitive information can be verified with the following request. Due to an Import Source entities can have different types with different object properties, for password verification, the verified property name has to be passed with the checked plain password too.

...

The server configurations are stored in two locations in the system: in the central database that allows to manage and review them the values via the user interface; and in every server’s registry that allows the local services to read them. The current configuration values can be retrieved from both locations.

...

Another difference between the server configuration-related endpoints and the other aforementioned introduced endpoints is password verification. As a result of the complex connection string format, there is no password verification action in these endpoints. The encrypted values can be retrieved by the client.

...

In the following sections, different use case examples demonstrate the usage of the server configuration-related endpoints.

Use case: Individual server configuration modification

...

If the value should be encrypted , like in this case, the new value should be encrypted with the following request:

...

After one change every server is affected that uses the changed configuration profile. Due to that the necessary configuration tasks have been created by the system for every related server. In the case of a configuration profile, there is no need to resolve differences. The following request retrieves the list of the created configuration tasks for every server.

...

That configuration list should be used as a template. After changing the values in the template it can be sent for an import to the new server with the following request:

...