A vault provider is the software module used by the Vault Facility to interact with a particular kind of vault. The mfsecretsaes vault provider included with Enterprise Developer supports both Windows and UNIX platforms. See The mfsecretsaes Vault Provider for more information. [12]
Enterprise Server comes configured with a default vault that uses the mfsecretsaes vault provider. Some components, such as Enterprise Server Common Web Administration (ESCWA), store secrets in this vault automatically. By editing the secrets.cfg file, you can modify configuration parameters for these components, and configure some additional components to use the vault. [12]
By default, the secrets.cfg file is located in the %PROGRAMDATA%\Micro Focus\COBOL Server\mfsecrets directory.
Use the comments contained in the secrets.cfg file to guide your changes.
The following is a sample secrets.cfg file for the default mfsecretsaes vault provider: [12]
# This file controls the operation of applications which access the
# vault interface for storing "secret" values such as passwords and
# other sensitive information. It is strongly recommended that
# appropriate OS file permissions are set and that its contents are
# monitored for any changes.
# NOTE: if configuration values are changed, then "secrets" that
# were previously accessible may become inaccessible. It is strongly
# recommended that appropriate change management is used, and backups
# are made before changes are applied.
# A default vault provider can be set in the "global" configuration.
# Unless a particular applications/software component requires or
# allows use of a specific named provider, the "default" provider
# will be used.
[global]
default provider=mfsecretsaes
# Specify vault providers and their configuration below here.
# Individual vault "providers" will have individual configuration
# requirements. The key=value pairs beneath the logical [provider] label
# will be used by the provider module to control its behaviour.
[mfsecretsaes]
# This should be the name of the provider so/dll. No file extension
# required.
provider name=mfsecretsaes
# The "location" key specifies the physical or logical (depending on vault
# type) directory where secrets will be stored. For the "mfsecretsaes"
# provider, the target directory needs to pre-exist and have appropriate
# file permissions to allow application processes to access the
# vault.
#
# The product installer will initially set a product-specific
# file location by default.
location=C:\ProgramData\Micro Focus\Enterprise Developer\mfsecrets
# Different vault types may also support different sub-modes of operation.
mode=AES256-CBC
# For AES256-CBC a plain text password is used to generate a key and iv.
# By default, the product installer will generate a value.
password=<generated_value>
# Salt is an optional base64 value. By default, the product installer will
# generate a value.
salt=<generated_value>
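The comments in the sample file recommend restrictive OS file permissions and monitoring the file for changes, and they state that the AES256-CBC key and IV are generated from the plain-text password. The following Python check is an added example, not Micro Focus code, that audits a secrets.cfg for those points. The sample values, the function names, the finding messages and the "no access for other users" policy are assumptions made for illustration.

```python
import base64, binascii, configparser, hashlib, os, stat

# Constructed sample in the page's secrets.cfg layout; every value is made up.
SAMPLE_CFG = """\
[global]
default provider=mfsecretsaes
[mfsecretsaes]
provider name=mfsecretsaes
location=/opt/example/mfsecrets
mode=AES256-CBC
password=constructed-example-only
salt=Y29uc3RydWN0ZWQ=
"""

def audit_secrets_cfg(text, file_mode=None, baseline_sha256=None):
    """Return (findings, sha256_hex); file_mode is os.stat().st_mode or None."""
    findings = []
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    if baseline_sha256 and digest != baseline_sha256:
        findings.append("content differs from recorded baseline")
    # Assumed policy: the file grants nothing to "other" users (UNIX mode bits).
    if file_mode is not None and stat.S_IMODE(file_mode) & stat.S_IRWXO:
        findings.append("file is accessible to 'other' users")
    cp = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    cp.read_string(text)
    provider = cp.get("global", "default provider", fallback=None)
    if provider is None or not cp.has_section(provider):
        findings.append("default provider is unset or has no [section]")
        return findings, digest
    sec = cp[provider]
    if not sec.get("location"):
        findings.append("provider has no location")
    if sec.get("password"):
        # Per the file's comments, the key and IV are generated from this value.
        findings.append("plain-text password present: restrict read access")
    salt = sec.get("salt")
    if salt:
        try:
            base64.b64decode(salt, validate=True)
        except binascii.Error:
            findings.append("salt is not valid base64")
    return findings, digest

def audit_path(path):
    """Audit a file on disk; the mode-bit check is meaningful on UNIX only."""
    with open(path, encoding="utf-8") as fh:
        return audit_secrets_cfg(fh.read(), os.stat(path).st_mode)
```

Record the returned digest when a change is approved and pass it as `baseline_sha256` on later runs. On Windows, review the file's ACL separately, since the mode bits do not reflect it.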