Credentials

Get Credentials.

The credential object can be accessed with the built-in getcredential_Function_but only if the user executing the DMScript has read access to it.

If the credential can be read, then its attributes can be accessed:

The following properties can be accessed for a credential object:

Property Type Description
id Integer Endpoint id, as used in the database.
name String Endpoint name.
fqdomain String Fully qualified domain name.
summary String Summary text.
domain Object Domain in which the Credential is contained.
owner Object User or UserGroup that owns the Endpoint.
username String Decrypted username.
password String Decrypted password.
b64auth String A string representing the decrypted username and password together, with a : separator and then base64 encoded. Used for Basic Authorization for web-based APIs. See the description of restful_post, restful_get and soap in the high level section named Built-In Functions for more information.
creator User User Object representing the user who created this credential.
modifier User User Object representing the user who last modified this credential.
ctime Date Date Object representing the date/time the credential was created.
mtime Date Date Object representing the date/time the credential was last modified.
kind String Credential Kind.

You can use the credential object to access external systems in a secure and controlled manner. The user executing the DMScript must have read access to the Credential. However, having read access does not allow the username/password to be viewed or modified using the Web UI. (The username is only displayed for the Credential owner, the username and password can only be changed if the User has update access to the Credential).

Example

set db2creds = getcredential("db2cred");

set username = ${db2creds.username};

set password = ${db2creds.password};

// username and password can now be used to access external system

b64authcan be used to generate an authorization string for Basic authentication for web- based APIs. For example:

set webcreds = getcredential("mydomain.webcred");

set auth = ${webcreds.b64auth};

set header = {

"Authorization": "Basic $auth"

};

set res = restful\_get("https://myurl",null,null,$header);

NOTE: See the description of restful_get for more information.

NOTE: If you wish to prevent the credential from being decrypted, then you ensure that the right to create DMScript is only granted to power users. Otherwise, a user could create a DMScript to decrypt a credential to which they only have read access.

Last modified May 19, 2020: after dmscript (aa9d9ae)