Tech Monger

Programming, Web Development and Computer Science.

Skip to main content| Skip to information by topic

Write Secure Informatica Code with PMCMD and PMREP

Often you require details about informatica objects from repository database. Informatica setup provides an API to fetch required details without querying actual repository database. This API comes under two wrapper scripts known as PMCMD and PMREP. To use this API in script you would need to provide repository password which makes code insecure; Especially connecting with Administrator User. However to hide passwords in scripts this API also facilitates an option to provide password in encrypted format. Below we will discuss how you can use encrypted password with PMCMD and PMREP to make your programs more secure.

  1. Generate Encrypted Password
  2. Configure Environment Variables
  3. PMCMD - Integration Service
  4. PMREP - Repository Service
  5. Conclusion

Generate Encrypted Informatica Password with PMPASSWD

Informatica server provides an utility called pmpasswd to encrypt informatica password. pmpasswd accepts password in plaintext as an input and outputs encrypted password. Without Informatica Secret Key Plain Text password cannot be retrieved back using encrypted password. By default pmpasswdis available in informatica setup at following path : $INFA_HOME/server/bin/pmpasswd. 

cd $INFA_HOME/server/bin/
pmpasswd MyStr0ngP#d

Encrypted string -->KBACAF604ekJHoTuzISGOjo==<--
Will decrypt to  -->MyStr0ngP#d<--

Above encrypted password KBACAF604ekJHoTuzISGOjo== maps to the plaintext password MyStr0ngP#d.

Configure Password Inside Environment Variables

To make use of encrypted password using PMCMD and PMREP you should provide generated password through environment variables in .profile. You can set environment variables using following; Replace the value of INF_UNAME with actual informatica username and INF_PWDwith generated encrypted password. 

export INF_UNAME=MY_USER_NAME
export INF_PWD=KBACAF604ekJHoTuzISGOjo==

Note that if you are using default Informatica Administrator user then these details would be already set during Informatica server setup. You can find these details inside environment variables INFA_ADMIN_USER and INFA_ENCRYPTED_PASSWD.

PMCMD - Integration Service

pmcmd program binaries come along with informatica server and can be found at default path $INFA_HOME/server/bin/. pmcmd is used to communicate with Integration Service and requires initiation of active connection before making actual API call. It takes following mandatory command line parameters.

Flag Use
-sv Name of the Integration Service.
-d Name of the Informatica Domain.
-uv Environment variable having value of informatica username.
-pv Environment variable having value of encrypted password for the given informatica username.

pmcmd connection can be open for single API call using command line mode or for batch API calls using interactive mode. We can initiate secure connection with username and encrypted password like below.

Secure PMCMD with Command Line Mode

Following is the general syntax to execute pmcmd securely using command line mode.

pmcmd "command-name" -sv "integration service" -d "domain-name" -uv INF_UNAME -pv INF_PWD
Example : Get all running session details from pmcmd with command line mode
pmcmd getrunningsessionsdetails -sv MY_INT_SVC -d MY_INF_DOAMIN -uv INF_UNAME -pv INF_PWD

Secure PMCMD with Interactive Mode

Following is the general syntax to initiate pmcmd securely using an interactive line mode.

pmcmd
connect -sv "integration service"-d "domain-name" -uv INF_UNAME -pv INF_PWD
"command-name"
Example : Get all running session details from pmcmd with interactive mode
pmcmd
connect -sv MY_INT_SVC -d MY_INF_DOAMIN -uv INF_UNAME -pv INF_PWD
getrunningsessionsdetails

PMREP - Repository Service

pmrep program binaries also come along with informatica server and can be found at default path $INFA_HOME/server/bin/. Like pmcmd, pmrep is used to communicate with Repository Service and it also requires initiation of active connection with repository service before making actual API call. It takes following mandatory command line parameters.

Flag Use
-r Name of the Repository Service.
-d Name of the Informatica Domain.
-n Actual value of informatica username.
-X Environment variable having value of encrypted password for the given informatica username.

pmrep connection can also be open using command line mode or interactive mode. Use following syntax to initiate secure connection with username and encrypted password like below.

Secure PMREP with Command Line Mode

Following is the general syntax to execute pmrep securely using command line mode.

pmrep "command-name" -r "repository service" -d "domain-name" -n "USERNAME" -X INF_PWD
Example : To initiate connect command with pmrep (useful in scripts) in command line mode
pmrep connect -r MY_REP_SVC -d MY_INF_DOAMIN -n MY_USERNAME -X INF_PWD

Secure PMREP with Interactive Mode

Following is the general syntax to initiate pmrep securely using interactive mode.

pmrep
connect -r "repository service"-d "domain-name" -n "USERNAME" -X INF_PWD
Example : To initiate connect command with pmrep in interactive mode
pmrep
connect -r MY_REP_SVC -d MY_INF_DOAMIN -n USERNAME -pv INF_PWD
.
.
.
connect completed successfully.

Conclusion

Always hide password by making use of encrypted password when using pmrep or pmcmd inside your scripts. Encrypted password is supported in both command line mode and interactive mode of pmrep and pmcmd.

Tagged Under : Informatica Linux PMCMD PMREP

Previous Next