is it possible to prevent clear passwords in the netapp-harvest.conf
For OCUM and OPM its neccessary to add passwords. I think certificates are not supported. I remember forr Snap Creator there was a hashed password in the snapcreator.conf would it be possible to implement that for harvest aswell?
When using password auth the SDK requires the value to be supplied to it in cleartext. So while Harvest could provide a method to save the password scrambled on disk, it would also have to have the logic to unscramble it when it runs, and since Harvest is not compiled that logic would be plainly visible. If this scramble logic was a Harvest feature I think you would have security through obscurity since anyone who wanted to unscramble could easily do so by reading the script.
If you use the RBAC setup documented in the Harvest admin guide the user/password in the conf file is for a limted access read-only user that can only connect via the API. I think this is the best it can get, but if someone has an idea for how to improve I'm all ears!
Cheers, Chris Madden
Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)