Active IQ Unified Manager Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active IQ Unified Manager Discussions

Ask a Question

making netapp-harvest.conf more secure

scheckel
NetApp
‎2017-03-13 05:28 AM
2,895 Views

Hi,
 
is it possible to  prevent clear passwords in the netapp-harvest.conf
 
For OCUM and OPM its neccessary to add passwords. I think certificates are not supported.
I remember forr Snap Creator there was a hashed password in the snapcreator.conf would it be possible to implement that for harvest aswell?
 
Best wishes,
Markus.

0 Kudos
View By:
Tags (3)
1 REPLY 1

madden
NetApp
‎2017-03-13 07:40 AM
2,875 Views

Hi @scheckel

 

When using password auth the SDK requires the value to be supplied to it in cleartext.  So while Harvest could provide a method to save the password scrambled on disk, it would also have to have the logic to unscramble it when it runs, and since Harvest is not compiled that logic would be plainly visible.  If this scramble logic was a Harvest feature I think you would have security through obscurity since anyone who wanted to unscramble could easily do so by reading the script.

 

 

If you use the RBAC setup documented in the Harvest admin guide the user/password in the conf file is for a limted access read-only user that can only connect via the API.  I think this is the best it can get, but if someone has an idea for how to improve I'm all ears!

 

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

 

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

Announcements
All Community Forums
Public