On Windows,
Micro Focus strongly recommends that you configure additional security to restrict access to your vault.
Restrict access to the vault files and to the
secrets.cfg file, which contains information required to read secrets from the vault. Modifying the filesystem permissions can be used
to achieve this:
- Create a group named, for example, "Micro Focus ES". Add the Administrators group and the LOCAL_SYSTEM account to that group.
- Set an inheritable Access Control List (ACL) on
%PROGRAMDATA%\Micro Focus\Enterprise Developer\mfsecrets so that only the "Micro Focus ES" group can read, write, and delete.
Note: All users who start
enterprise server regions from the command line need to be members of the "Micro Focus ES" group; similarly any accounts used to start
enterprise server regions by running casstart (for example, schedulers) need to be members of that group; and similarly if the MFDS service account
is changed, it needs to be a member of that group.