In this article, I describe how to create a vault in App Connect Enterprise V11 Fixpack 6 and then store credentials in it in encrypted form. These encrypted credentials are used by a flow running in an Integration Server on a Mac to access a DB/2 database on Windows using JDBC. I am accessing data from the database using a Java Compute node and a JDBC Provider policy. The credential is referenced in the JDBC Provider policy for accessing the database.
(Watch the video to follow the steps described in this article)
App Connect Enterprise Vault
New in App Connect Enterprise V11 Fixpack 6, is a vault which uses symmetric encryption to encrypt and decrypt data records that are stored in the vault. AES 256-bit Encryption is used for encrypting the data in the vault. The vault is accessed using a vault key.
A new command called
mqsivault is provided which allows you to create or destroy a vault in a work directory, that is used by an Integration Server. If a vault has been created in the work directory, then the vault key must be specified when starting the Integration Server. The vault key can be stored in a
.mqsivaultrc file which can be used instead of specifying the vault key as a parameter value for a command.
Storing Credentials in the Vault
Having created the vault, you can use it to store data in it which will be encrypted in the vault. In V11 fixpack 6, we have provided a new command called
mqsicredentials which allows you to store credentials in the vault. The
mqsicredentials command can be used as an alternative to
mqsisetdbparms. The credentials will be encrypted in the vault and can be used by the Integration Server to access external resources like databases. You must specify the vault key when using the
mqsicredentials command if the Integration Server is stopped.
End-to-end example using JDBC
In this article, I have shown how to create a vault in an Integration Server, using
mqsivault. The vault can be used to store credentials in encrypted form. A vault key must be supplied for the Integration Server to access the vault. The vault key can be supplied in different ways, either as a parameter value, or using a
.mqsivaultrc file. The
mqsicredentials command can be used as an alternative to mqsisetdbparms.
For more information see these topics in the App Connect Enterprise Knowledge Center:
Configuring encrypted security credentials