Often you require details about informatica objects from repository database. Informatica setup provides an API
to fetch required details without querying actual repository database. This API comes under two wrapper scripts known as PMCMD and PMREP. To use this API in script you would need to provide repository password which makes code insecure; Especially connecting with Administrator User. However to hide passwords in scripts this API also facilitates an option to provide password in encrypted format. Below we will discuss how you can use encrypted password with PMCMD
and PMREP
to make your programs more secure.
Generate Encrypted Informatica Password with PMPASSWD
Informatica server provides an utility called pmpasswd
to encrypt informatica password. pmpasswd
accepts password in plaintext as an input and outputs encrypted password. Without Informatica Secret Key Plain Text password cannot be retrieved back using encrypted password. By default pmpasswd
is available in informatica setup at following path : $INFA_HOME/server/bin/pmpasswd
.
cd $INFA_HOME/server/bin/
pmpasswd MyStr0ngP#d
Encrypted string -->KBACAF604ekJHoTuzISGOjo==<--
Will decrypt to -->MyStr0ngP#d<--
Above encrypted password KBACAF604ekJHoTuzISGOjo==
maps to the plaintext password MyStr0ngP#d
.
Configure Password Inside Environment Variables
To make use of encrypted password using PMCMD and PMREP you should provide generated password through environment variables in .profile
. You can set environment variables using following; Replace the value of INF_UNAME
with actual informatica username and INF_PWD
with generated encrypted password.
export INF_UNAME=MY_USER_NAME
export INF_PWD=KBACAF604ekJHoTuzISGOjo==
Note that if you are using default Informatica Administrator user then these details would be already set during Informatica server setup. You can find these details inside environment variables INFA_ADMIN_USER
and INFA_ENCRYPTED_PASSWD
.
PMCMD - Integration Service
pmcmd
program binaries come along with informatica server and can be found at default path $INFA_HOME/server/bin/. pmcmd
is used to communicate with Integration Service and requires initiation of active connection before making actual API call. It takes following mandatory command line parameters.
Flag | Use |
---|---|
-sv | Name of the Integration Service. |
-d | Name of the Informatica Domain. |
-uv | Environment variable having value of informatica username. |
-pv | Environment variable having value of encrypted password for the given informatica username. |
pmcmd
connection can be open for single API call using command line mode or for batch API calls using interactive mode. We can initiate secure connection with username and encrypted password like below.
Secure PMCMD with Command Line Mode
Following is the general syntax to execute pmcmd securely using command line mode.
pmcmd "command-name" -sv "integration service" -d "domain-name" -uv INF_UNAME -pv INF_PWD
Example : Get all running session details from pmcmd with command line mode
pmcmd getrunningsessionsdetails -sv MY_INT_SVC -d MY_INF_DOAMIN -uv INF_UNAME -pv INF_PWD
Secure PMCMD with Interactive Mode
Following is the general syntax to initiate pmcmd securely using an interactive line mode.
pmcmd
connect -sv "integration service"-d "domain-name" -uv INF_UNAME -pv INF_PWD
"command-name"
Example : Get all running session details from pmcmd with interactive mode
pmcmd
connect -sv MY_INT_SVC -d MY_INF_DOAMIN -uv INF_UNAME -pv INF_PWD
getrunningsessionsdetails
PMREP - Repository Service
pmrep
program binaries also come along with informatica server and can be found at default path $INFA_HOME/server/bin/. Like pmcmd
, pmrep
is used to communicate with Repository Service and it also requires initiation of active connection with repository service before making actual API call. It takes following mandatory command line parameters.
Flag | Use |
---|---|
-r | Name of the Repository Service. |
-d | Name of the Informatica Domain. |
-n | Actual value of informatica username. |
-X | Environment variable having value of encrypted password for the given informatica username. |
pmrep
connection can also be open using command line mode or interactive mode. Use following syntax to initiate secure connection with username and encrypted password like below.
Secure PMREP with Command Line Mode
Following is the general syntax to execute pmrep securely using command line mode.
pmrep "command-name" -r "repository service" -d "domain-name" -n "USERNAME" -X INF_PWD
Example : To initiate connect command with pmrep (useful in scripts) in command line mode
pmrep connect -r MY_REP_SVC -d MY_INF_DOAMIN -n MY_USERNAME -X INF_PWD
Secure PMREP with Interactive Mode
Following is the general syntax to initiate pmrep securely using interactive mode.
pmrep
connect -r "repository service"-d "domain-name" -n "USERNAME" -X INF_PWD
Example : To initiate connect command with pmrep in interactive mode
pmrep
connect -r MY_REP_SVC -d MY_INF_DOAMIN -n USERNAME -pv INF_PWD
.
.
.
connect completed successfully.
Conclusion
Always hide password by making use of encrypted password when using pmrep
or pmcmd
inside your scripts. Encrypted password is supported in both command line mode and interactive mode of pmrep and pmcmd.