Password Alias attribute for dcm:key and dcm:certificate elements

[zfivgas]

The dcm:certificate and dcm:key elements indicate a password attribute however that is deprecated. Is there password alias attribute that can be used?

[nhmathis]

Could you please further explain your error? Which targets are you expecting to use? I'm not seeing references to a deprecated password attribute.

[richgroot]

zfivgas - I don't believe that DCM has not yet been updated to handle password aliases. Anyone can submit a pull request, if you want to take a stab at it. Otherwise I'll see if I can get to it this week or next.

…

On Mon, Jan 29, 2018 at 7:55 AM, Nick Mathison ***@***.***> wrote: Could you please further explain your error? Which targets are you expecting to use? I'm not seeing references to a deprecated password attribute. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#86 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADuMmvbobXn2-L3uS3ZqHR7aWv7lhcSjks5tPdvMgaJpZM4RXDyw> .

[zfivgas]

@nhmathis The use of passwords in certain objects like certificates and keys (http://www-01.ibm.com/support/docview.wss?uid=swg21702755) has been deprecated since v7.2.

http://www-01.ibm.com/support/docview.wss?uid=swg21634531#dr720

@richgroot I would probably do more harm than good trying to update the code. I am not in any rush as this will be an enhancement to some of our process automation. Thank you!

[samdjones]

This missing feature has also irritated me for quite some time and I'm quite sure it has lost DCM some users over the years.

That said, I wouldn't worry too much about using a deprecated DP feature in pre-production environments. So you are ok where you absolutely need deployments to be fully automated (e.g. CI/CD pipelines).

When it comes to production, you can minimize the pain by using the "objects-from-def" DCM task and a definition file with something like this:

<dcm:object-create> <PasswordAlias name="MyPasswordAlias"> <mAdminState>enabled</mAdminState> <UserSummary>Blah blah blah</UserSummary> <Password>${my.password}</Password> </PasswordAlias> </dcm:object-create>

Then post-deploy you will just need to manually use the UI to select the correct PasswordAlias for all your Key objects. Good enough for a handful of passwords; bad luck if you have dozens I'm afraid...