A vault provider is the software module used by the Vault Facility to interact with a particular kind of vault. The mfsecretsaes vault provider included with Enterprise Developer supports both Windows and UNIX platforms. See The mfsecretsaes Vault Provider for more information.
Enterprise Server comes configured with a default vault that uses the mfsecretsaes vault provider. Some components, such as Enterprise Server Common Web Administration (ESCWA), store secrets in this vault automatically. By editing the secrets.cfg file, you can modify configuration parameters for these components, and configure some additional components to use the vault.
By default, the secrets.cfg file is located in the %PROGRAMDATA%\Micro Focus\Visual COBOL\mfsecrets directory.
Use the comments contained in the secrets.cfg file to guide your changes.
The following is a sample secrets.cfg file for the default mfsecretsaes vault provider:
# This file controls the operation of applications which access the # vault interface for storing "secret" values such as passwords and # other sensitive information. It is strongly recommended that # appropriate OS file permissions are set and that its contents are # monitored for any changes. # NOTE: if configuration values are changed, then "secrets" that # were previously accessible may become inaccessible. It is strongly # recommended that appropriate change management is used, and backups # are made before changes are applied. # NOTE: A vault is a logical configuration set which determines the # location and method used to store secrets. The "provider" is the # software module which implements access to the vault. # A default vault can be set in the "global" configuration. # Unless a particular applications/software component requires or # allows use of a specific named vault, the "default" vault # will be used. [global] default vault=aesvault # To enable audit using mfaudit configure audit enabled to TRUE or YES # For details on configuring mfaudit consult product documentation. audit enabled=FALSE # Specify vaults and their configuration below here. # Individual "vaults" will have individual configuration # requirements. The key=value pairs beneath the logical [vault] label # will be used by the provider module to control its behavior. [aesvault] # This should be the name of the provider so/dll. No file extension # required. provider name=mfsecretsaes # The "location" key specifies the physical or logical (depending on # provider type) directory where secrets will be stored. For the # "mfsecretsaes" provider, the target directory needs to pre-exist and # have appropriate file permissions to allow application processes to # access the location. # # The product installer will initially set a product-specific # file location by default. location=<location> # Different vault types may also support different sub-modes of operation. mode=AES256-CBC # For AES256-CBC a plain text password is used to generate a key and iv. # By default, the product installer will generate a value. password=<password> # Salt is an optional base64 value. By default, the product installer will # generate a value. salt=<salt>