Active IQ Unified Manager Discussions

making netapp-harvest.conf more secure

scheckel

Hi,
 
is it possible to  prevent clear passwords in the netapp-harvest.conf
 
For OCUM and OPM its neccessary to add passwords. I think certificates are not supported.
I remember forr Snap Creator there was a hashed password in the snapcreator.conf would it be possible to implement that for harvest aswell?
 
Best wishes,
Markus.

1 REPLY 1

madden

Hi @scheckel

 

When using password auth the SDK requires the value to be supplied to it in cleartext.  So while Harvest could provide a method to save the password scrambled on disk, it would also have to have the logic to unscramble it when it runs, and since Harvest is not compiled that logic would be plainly visible.  If this scramble logic was a Harvest feature I think you would have security through obscurity since anyone who wanted to unscramble could easily do so by reading the script.

 

 

If you use the RBAC setup documented in the Harvest admin guide the user/password in the conf file is for a limted access read-only user that can only connect via the API.  I think this is the best it can get, but if someone has an idea for how to improve I'm all ears!

 

Cheers,
Chris Madden

Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)

Blog: It all begins with data

 

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public