Informatica provides infacmd command line utility to perform various tasks from command line. Using infacmd
you can write scripts to automate your regular tasks. To use any of the infacmd command you need to provide user credentials for the domain and repository. However providing credentials in plain text could be security risk, to avoid this you can use encrypted password and environment variables to make secure connection. In this article we will briefly touch upon following points.
Location
In Unix like operating systemsinfacmd
binaries can be found inside informatica installation directory $INFA_HOME
. Depending on the version of the informatica infacmd can be located in either of the below path.
$INFA_HOME/isp/bin/infacmd.sh
$INFA_HOME/server/bin/infacmd.sh
Execution
If above directories are added inside user's operating system path
variable then you can invoke infacmd from any location of your choice otherwise you will have to manually invoke infacmd
like below.
$INFA_HOME/server/bin/infacmd.sh {command-name} {option} {value} ...
Insecure Execution
infacmd connect to informatica domain, repository service and integration services in order to execute command and perform desired operations. Hence it may verify username and password for both domain and repository.
For example to get informatica workflow log infacmd
executes command GetWorkflowLog which requires both repository and domain credentials and can be executed like below.
Note that how below command accepts domain password (-Password
) and repository password (-RepositoryPassword
) in plain text. Using below command exposes credentials and compromises security.
infacmd GetWorkflowLog -Gateway example.com:8888 -DomainName MY_DOMAIN
-UserName DOMAIN_USERNAME -Password MyStr0ngP#d
-IntegrationService MY_INT_SERVICE -RepositoryService MY_REP_SERVICE
-RepositoryUser REP_USERNAME -RepositoryPassword MyStr0ngP#d
-Format TEXT -OutputFile workflow_name.log -FolderName FOLDER_NAME
-Workflow WORKFLOW_NAME
Secure Execution
To overcome above insecure connection issue you can provide encrypted password as an input to infacmd command using environment variables.
- Encrypt domain and repository password using
pmpasswd
.$ cd $INFA_HOME/server/bin/ $ pmpasswd MyStr0ngP#d Encrypted string -->KBACAF604ekJHoTuzISGOjo==<-- Will decrypt to -->MyStr0ngP#d<--
You should run
pmpasswd
on the same server on which domain you are trying to connect is running on. - Encrypted domain password should be set as an environment variable with name
INFA_DEFAULT_DOMAIN_PASSWORD
.INFA_DEFAULT_DOMAIN_PASSWORD="KBACAF604ekJHoTuzISGOjo=="; export INFA_DEFAULT_DOMAIN_PASSWORD
- Encrypted repository password should be set as an environment variable with name
INFA_REPOSITORY_PASSWORD
.INFA_REPOSITORY_PASSWORD="KBACAF604ekJHoTuzISGOjo=="; export INFA_REPOSITORY_PASSWORD
INFACMD Example - Secure Command INFA_DEFAULT_DOMAIN_PASSWORD="KBACAF604ekJHoTuzISGOjo==";
export INFA_DEFAULT_DOMAIN_PASSWORD
INFA_REPOSITORY_PASSWORD="KBACAF604ekJHoTuzISGOjo==";
export INFA_REPOSITORY_PASSWORD
infacmd GetWorkflowLog -Gateway example.com:8888 -DomainName MY_DOMAIN
-UserName DOMAIN_USERNAME
-IntegrationService MY_INT_SERVICE -RepositoryService MY_REP_SERVICE
-RepositoryUser REP_USERNAME
-Format TEXT -OutputFile workflow_name.log -FolderName FOLDER_NAME
-Workflow WORKFLOW_NAME
Conclusion
We have set encrypted password in environment variable before command execution. It eliminates password flags -Password
and -RepositoryPassword
in command. Informatica will automatically check encrypted passwords and decrypt it internally to execute command. This makes script or command secure by hiding the password.
INFA_DEFAULT_DOMAIN_PASSWORD="KBACAF604ekJHoTuzISGOjo==";
export INFA_DEFAULT_DOMAIN_PASSWORD
INFA_REPOSITORY_PASSWORD="KBACAF604ekJHoTuzISGOjo==";
export INFA_REPOSITORY_PASSWORD
infacmd GetWorkflowLog -Gateway example.com:8888 -DomainName MY_DOMAIN
-UserName DOMAIN_USERNAME
-IntegrationService MY_INT_SERVICE -RepositoryService MY_REP_SERVICE
-RepositoryUser REP_USERNAME
-Format TEXT -OutputFile workflow_name.log -FolderName FOLDER_NAME
-Workflow WORKFLOW_NAME
We have set encrypted password in environment variable before command execution. It eliminates password flags -Password
and -RepositoryPassword
in command. Informatica will automatically check encrypted passwords and decrypt it internally to execute command. This makes script or command secure by hiding the password.