Hi All,
Today we will see how to encrypt Paassword in informatica.
Informatica provides a password encryption utility that can be used for encrypting password. However, once the password is encrypted, the application should have a means of informing Informatica that its an encrypted password and should be dealt with in the appropriate manner.
A encryption utility is shipped with the Informatica product.
The utility is a command line utility with the name pmpasswd.
It is a fairly simple utility to use and is available in the location $INFA_HOME/server/bin.
The usage of the utility is like: pmpasswd <password>
Eg. pmpasswd mypassword
This returns an output of the following manner when run on a 32-bit machine:
Informatica PowerMart Password Encryption Utility, 32-bit
Copyright (c) Informatica Corporation 1996-2007
All Rights Reserved.
Encrypted string -->b9Kbk3qVMuxiG2Xxq1Uu1JtMYdFkA8hjR9GSca4mP60=<--
Will decrypt to -->mypassword<--
Here, the encrypted password is
b9Kbk3qVMuxiG2Xxq1Uu1JtMYdFkA8hjR9GSca4mP60=
for the actual password mypassword
When run again for the same password, it might return a different encrypted string. However, using any one of the returned encrypted strings would do the needed.
Moreover, password encrypted on one server can be used on another server as well, provided, they are on the same version of Informatica and the OS is same.
Using the encrypted password:
In Informatica, one might be required to use the credentials to run command line programs like:
infacmd commands (restarting the Informatica services) or
pmcmd commands (to start execution of workflows) or
pmrep commands (to take backup of a repository)
These commands might be required to run in batch mode or unassisted mode, wherein it would be scheduled and would run on their own without user intervention.
In such cases, it is not advisable to have the password written in the environment files as such and then using it.
In such scenarios, say, for running infacmd commands like restarting the Informatica services, we could run it this way:
export INTEGRATION_SERVICE_NAME=Integration_Service_Name
export DOMAIN_NAME=domain_name
export INFMT_USER=username
export INFA_DEFAULT_DOMAIN_PASSWORD=yxeBUClk/WGEU9wKxR5HrA==
infacmd.sh disableService -dn $DOMAIN_NAME -un $INFMT_USER -sn
$INTEGRATION_SERVICE_NAME -mo Abort
Since, we have the username defined by the environment variable INFMT_USER and the password defined by the variable INFA_DEFAULT_DOMAIN_PASSWORD, when we trigger the disable service command, we do not provide the password variable at all to it. By default, it would take the value in the variable INFA_DEFAULT_DOMAIN_PASSWORD. Also, Informatica here would assume that the password in the variable INFA_DEFAULT_DOMAIN_PASSWORD is encrypted and use it accordingly.
In cases wherein we want to use pmcmd with the encrypted password, we would do it as follows.
export INFMT_USER=user_name
export INFMT_PASS="1Dcyyu57Q8HJjOV+PUP8gQ=="
pmcmd startworkflow -sv $INFMT_INT_SERVICE -d $INFMT_DOMAIN -uv INFMT_USER -pv INFMT_PASS -f $FOLDER_NAME -wait $WORKFLOW_NAME
Informatica would understand that the password provided is in encrypted form and automatically act
accordingly.
In cases wherein we want to use encrypted password in pmrep commands, we would do it as follows.
export INFMT_USER=my_username
export INFA_DEFAULT_DATABASE_PASSWORD="1Dcyyu57Q8HJjOV+PUP8gQ=="
pmrep connect -r EA_FIN_DEV_860 -d DOMAIN_info-dev-02 -n $INFMT_USER -X $INFA_DEFAULT_DATABASE_PASSWORD
Today we will see how to encrypt Paassword in informatica.
Informatica provides a password encryption utility that can be used for encrypting password. However, once the password is encrypted, the application should have a means of informing Informatica that its an encrypted password and should be dealt with in the appropriate manner.
- Creation of encrypted password
- Usage of encrypted password
A encryption utility is shipped with the Informatica product.
The utility is a command line utility with the name pmpasswd.
It is a fairly simple utility to use and is available in the location $INFA_HOME/server/bin.
The usage of the utility is like: pmpasswd <password>
Eg. pmpasswd mypassword
This returns an output of the following manner when run on a 32-bit machine:
Informatica PowerMart Password Encryption Utility, 32-bit
Copyright (c) Informatica Corporation 1996-2007
All Rights Reserved.
Encrypted string -->b9Kbk3qVMuxiG2Xxq1Uu1JtMYdFkA8hjR9GSca4mP60=<--
Will decrypt to -->mypassword<--
Here, the encrypted password is
b9Kbk3qVMuxiG2Xxq1Uu1JtMYdFkA8hjR9GSca4mP60=
for the actual password mypassword
When run again for the same password, it might return a different encrypted string. However, using any one of the returned encrypted strings would do the needed.
Moreover, password encrypted on one server can be used on another server as well, provided, they are on the same version of Informatica and the OS is same.
Using the encrypted password:
In Informatica, one might be required to use the credentials to run command line programs like:
infacmd commands (restarting the Informatica services) or
pmcmd commands (to start execution of workflows) or
pmrep commands (to take backup of a repository)
These commands might be required to run in batch mode or unassisted mode, wherein it would be scheduled and would run on their own without user intervention.
In such cases, it is not advisable to have the password written in the environment files as such and then using it.
In such scenarios, say, for running infacmd commands like restarting the Informatica services, we could run it this way:
export INTEGRATION_SERVICE_NAME=Integration_Service_Name
export DOMAIN_NAME=domain_name
export INFMT_USER=username
export INFA_DEFAULT_DOMAIN_PASSWORD=yxeBUClk/WGEU9wKxR5HrA==
infacmd.sh disableService -dn $DOMAIN_NAME -un $INFMT_USER -sn
$INTEGRATION_SERVICE_NAME -mo Abort
Since, we have the username defined by the environment variable INFMT_USER and the password defined by the variable INFA_DEFAULT_DOMAIN_PASSWORD, when we trigger the disable service command, we do not provide the password variable at all to it. By default, it would take the value in the variable INFA_DEFAULT_DOMAIN_PASSWORD. Also, Informatica here would assume that the password in the variable INFA_DEFAULT_DOMAIN_PASSWORD is encrypted and use it accordingly.
In cases wherein we want to use pmcmd with the encrypted password, we would do it as follows.
export INFMT_USER=user_name
export INFMT_PASS="1Dcyyu57Q8HJjOV+PUP8gQ=="
pmcmd startworkflow -sv $INFMT_INT_SERVICE -d $INFMT_DOMAIN -uv INFMT_USER -pv INFMT_PASS -f $FOLDER_NAME -wait $WORKFLOW_NAME
Informatica would understand that the password provided is in encrypted form and automatically act
accordingly.
In cases wherein we want to use encrypted password in pmrep commands, we would do it as follows.
export INFMT_USER=my_username
export INFA_DEFAULT_DATABASE_PASSWORD="1Dcyyu57Q8HJjOV+PUP8gQ=="
pmrep connect -r EA_FIN_DEV_860 -d DOMAIN_info-dev-02 -n $INFMT_USER -X $INFA_DEFAULT_DATABASE_PASSWORD
5 comments:
Hi there.. Very nice post.. Thanks for sharing.
Could you please advice on a few doubts I have..
1) Do we need to restart Infa Services in order to make encrypted pw work?
2) Could we use the encrypted string as a local variable without Exporting it?
thanks for clear post, very useful
Pmrep command is correct?
"$" sign should not be there I guess..
Please help me with correct command.
Thanks in advance
I have created the encrypted password under bin folder. But workflow is throwing error.it is not able to recognize the encrypted password.
Please help.
It's useful post, Thanks for sharing
Informatica Online Training
Post a Comment