HCI Security Artifacts in the cockpit
Recently the HCI Team introduced the ability to add security artifacts via the HCI cockpit. This is great news as previously this was one of the core issues that forced Eclipse to be used. With the introduction of uploading of the various security artifacts, for the most part Eclipse is no longer required.
Whilst the most common artifacts are supported
- User credentials
- Secure Parameter
- Known Hosts (SSH)
The following are NOT supported:
- OAuth 2
- PGP Public & Secret keyrings
Fortunately the missing artifacts are not often used, since the keystore is now deployed by default in the latest versions of the HCI tenants and the keystore within the tenant contains most of the common root certificates.
Accessing the Security Artifacts
To get access to the security artifacts in your tenant, load the HCI cockpit and from the hamburger menu on the left, choose the Monitoring menu option
This will open the normal monitoring view, however lurking at the bottom is a new tile called “Security Material”.
The security material are the Security Artifacts you know from the Eclipse Plugin. Here we have 54 security artifacts deployed on our tenant at the moment. These will include keystores, credentials, SSH keys and the like for the various iFlows.
Clicking on the tile will open the tile and list all the artifacts deployed on the tenant.
Managing Security Material
There are some important fields to note on this page. The top left is the back button taking you back to the previous list of monitoring tiles. The top right has options to edit and delete the selected row if there is a row selected.
If the Keystore is selected then the edit and delete buttons are replaced by a download button allowing the keystore to be downloaded to the local computer though at the moment there is no option to upload a new keystore.
Finally on the bottom right there is an add button to add a new security artifact to the tenant. As already mentioned there is a restricted list of security materials that can be edited or deleted. If the security material that needs to be edited is not in the list of materials that could be added then the only recourse is to use Eclipse to deploy the artifact through the HCI Tooling in Eclipse.
Managing a Security Artifact
Editing or adding credentials will display a form allowing the editing of the credential. If the credential being edited is a password credential then the password can be changed but the original password will not be revealed!
The name field has the name of the credential which is what you will reference when a credential is required such as with a Request/Reply element requiring Basic Authentication. The username is mandatory but the password is not, though if the credential is edited the username will be displayed. Note too that the password needs to entered twice, once as the password and once more to confirm the password was entered correctly. If this credential is to be used with SuccessFactors then the checkbox needs to be checked as SuccessFactors requires a different method of login
Click on the OK button to save or create the credential in the security materials. The credentials will now be saved to your tenant and can be used in places that require credentials.
If you followed the previous set of tutorials that covered creating an iFlow then when the weather is sent to GMail as an email message, this requires a username and password which is used to authenticate the HCI iFlow with GMail. In the tutorial you would have created a security artifact and deployed it. The above is exactly the same process but done through the HCI Cockpit rather than Eclipse.