making netapp-harvest.conf more secure
2017-03-13 05:28 AM
is it possible to prevent clear passwords in the netapp-harvest.conf
For OCUM and OPM its neccessary to add passwords. I think certificates are not supported.
I remember forr Snap Creator there was a hashed password in the snapcreator.conf would it be possible to implement that for harvest aswell?
1 REPLY 1
Re: making netapp-harvest.conf more secure
2017-03-13 07:40 AM
When using password auth the SDK requires the value to be supplied to it in cleartext. So while Harvest could provide a method to save the password scrambled on disk, it would also have to have the logic to unscramble it when it runs, and since Harvest is not compiled that logic would be plainly visible. If this scramble logic was a Harvest feature I think you would have security through obscurity since anyone who wanted to unscramble could easily do so by reading the script.
If you use the RBAC setup documented in the Harvest admin guide the user/password in the conf file is for a limted access read-only user that can only connect via the API. I think this is the best it can get, but if someone has an idea for how to improve I'm all ears!
Solution Architect - 3rd Platform - Systems Engineering NetApp EMEA (and author of Harvest)
Blog: It all begins with data
If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO or both!