Hitachi

JP1 Version 13 JP1/Integrated Management 3 - Manager Command, Definition File and API Reference


jimasecret

Function

This command obfuscates the specified secret and adds it to the secret management file. The added secret is read and used by the JP1/IM - Agent service.

For details about the secrets that you can set up with this command, see 3.15.10 Secret obfuscation function in the JP1/Integrated Management 3 - Manager Overview and System Design Guide.

Format

jimasecret -list
                   [-l shared-directory]
jimasecret -add
                   -key key-name
                   -s secret
                   [-l shared-directory]
jimasecret -rm
                   -key key-name
                   [-l shared-directory]

Execution permission

In Windows: Administrator permissions (if the Windows UAC feature is enabled, the command is executed from the administrator console)

In UNIX: Superuser permissions

Storage directory

In Windows:

Agent-path\tools\

In Linux:

/opt/jp1ima/tools/

Arguments

-list

Lists the keys of the secrets that have been added. The secrets themselves are not displayed.

Cannot be specified together with the -add or -rm option.

-add

Adds a new secret under the specified key.

If you specify a key that has already been added, its secret is overwritten. The command does not check for or confirm the overwrite.

You can add up to 1,000 secrets.

If you specify this option, you must also specify the -key and -s options.

Cannot be specified together with the -list or -rm option.

-rm

Deletes the secret that was added under the specified key.

If a key that does not exist is specified, an error is returned.

If you specify this option, you must also specify the -key option.

Cannot be specified together with the -list or -add option.

-key key-name

Specifies the key-name of the secret that you want to add, modify, or delete.

The characters that can be specified are 0x20 to 0x7e characters of ASCII.

The maximum length that can be specified is 1,024 characters.

The specific key format is shown below.

- Information about the connection-destination manager:
  • Key for the proxy password used to connect to the manager host:

immgr.proxy_user.authentication-ID

For the authentication-ID, specify the user ID specified for immgr.proxy_user in the imagent common settings file (jpc_imagentcommon.json).

  • Key for the initial secret used to connect to the manager host:

immgr.initial_secret
  • Key for the client secret used to connect to the manager host:

immgr.client_secret

If you use the data delivery function for multiple manager hosts, use the following keys instead of the keys above:

  • Key for the proxy password used to connect to the manager host:

jmmgr.proxy_user-imagent-group-identifier.Authentication-ID

For the authentication-ID, specify the user ID specified for proxy_user in the secondary element (the element under the immgrs array whose imagid matches imagent-group-identifier) in the imagent common configuration file (jpc_imagentcommon.json).

  • Key for the initial secret used to connect to the manager host:

immgr.initial_secret-imagent-group-identifier
  • Key for the client secret used to connect to the manager host:

immgr.client_secret-imagent-group-identifier
- JP1/IM agent control base
  • The key for registration of password of the user used for Action Execution:

action.user.user-name

For the user-name, specify the user name that is set for action.username in the imagent configuration file (jpc_imagent.json). This key applies to Windows only. In Linux, it is ignored even if it is specified.

Important

The value specified for -key is not checked for correct format.

Note

Specify the client secret only if you want to delete it manually.

- For Blackbox exporter:
  • Key for adding the proxy authentication password:

Blackbox.module-name.proxy_user.authentication-ID

For the module-name, specify the module name specified in the Blackbox exporter configuration file (jpc_blackbox_exporter.yml).

For the authentication-ID, specify the user ID specified for proxy_user in the Blackbox exporter configuration file (jpc_blackbox_exporter.yml).

  • Key for adding the password of the monitored web server:

Blackbox.module-name.basic_auth.authentication-ID

For the module-name, specify the module name specified in the Blackbox exporter configuration file (jpc_blackbox_exporter.yml).

For the authentication-ID, specify the user ID specified for basic_auth.username in the Blackbox exporter configuration file (jpc_blackbox_exporter.yml).

  • Key for adding the bearer token of the monitored web server:

Blackbox.module-name.bearer_token

For the module-name, specify the module name specified in the Blackbox exporter configuration file (jpc_blackbox_exporter.yml).

- For Promitor
  • Key for adding the client secret of Resource Discovery:

Promitor.resource_discovery.env.AUTH_APPKEY
  • Key for adding the client secret of Scraper:

Promitor.scraper.env.AUTH_APPKEY
- For OracleDB exporter

There are two types of keys for registering a password for connecting to OracleDB:

  • Password-key to connect to OracleDB (type of specifying the username)

OracleDB.user.user-name

For the user-name, specify the username that is set in the environment-variable DATA_SOURCE_NAME. Make sure to match the case.

  • Password-key to connect to OracleDB (type of specifying the host name, listener service name, and username)

OracleDB.host.host-name.listener.listener-service-name.user.user-name

For the host-name, specify the hostname of OracleDB server for DATA_SOURCE_NAME. Make sure to match the case.

For the listener-service-name, specify the service name of the environment-variable DATA_SOURCE_NAME. Make sure to match the case.

For the user-name, specify the username that is set in the environment-variable DATA_SOURCE_NAME. Make sure to match the case.

Typically, you use the key which is the "type of specifying the username".

If more than one user with the same username exists and a different password is set, you must set a password for each OracleDB host/service using the "type of specifying the host name, listener service name, and username".

OracleDB exporter retrieves the values of the host-name, listener-service-name, and user-name from the value of the environment variable DATA_SOURCE_NAME. It searches for a registered password by constructing the key in the "type of specifying the username" or the "type of specifying the host name, listener service name, and username". If the password can be retrieved in both formats, the key in the "type of specifying the host name, listener service name, and username" is used.

- For Web exporter

There are two types of keys for registering passwords for executing Web scenarios from Web exporter:

  • Password key for executing Web scenarios (in the form of a username)

Webscena.user.user-name

For the user-name, specify the user specified for username in the Web exporter configuration file (jpc_web_exporter).

  • Password key for executing Web scenarios (in the form of a username and domain name)

Webscena.user.user-name.domainname.domain-name

For the user-name, specify the user specified for username in the Web exporter configuration file (jpc_web_exporter).

For the domain-name, specify the domain name specified for domainname in the Web exporter configuration file (jpc_web_exporter).

If there is more than one user with the same username, use the key in the form of a username and domain name.

- For VMware exporter
  • Key for the section password used to connect to VMware ESXi:

When using VMware exporter, be sure to specify "vmware.section.default" as the key. The first section name of the connection destination is "default" and the secret for "default" is mandatory.

Vmware.section.section-name

For the section-name, specify the section name specified in the VMware exporter configuration file (jpc_vmware_exporter.yml).

-s secret

Specifies the secret (password) to be added or updated.

The characters that can be specified are 0x20 to 0x7e characters of ASCII.

The maximum length that can be specified is 1,024 characters.

-l shared-directory

For a logical host environment, specify the shared directory of the logical host.

Specify a relative or absolute path.

The length of the path can be up to 63 bytes.

Character types are not checked.

Notes

Return values

0

Normal termination

1

Abnormal termination (user-caused error)

2

Abnormal termination (miscellaneous error)

Log output

Example

> jimasecret -add -key Blackbox.http1.proxy_user.p-user01 -s password01
> jimasecret -rm -key Blackbox.http1.proxy_user.p-user01
> jimasecret -list
Blackbox.http1.proxy_user.p-user01
Blackbox.http1.basic_auth.w-user01
immgr.proxy_user.user01
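
Because -key is not checked for format and -add overwrites an existing key without asking, a pre-flight check before calling the command can catch mistyped keys and unintended overwrites. The following is an added example, not part of the Hitachi manual or product: preflight is a hypothetical helper, the rule that placeholder values contain no spaces is an assumption, and the multi-manager and VMware key formats are left out.

```python
import re

# Limits stated on this page for -key and -s: ASCII 0x20-0x7e, up to 1,024 chars.
ALLOWED = re.compile(r"[\x20-\x7e]{0,1024}")
MAX_SECRETS = 1000
P = r"[\x21-\x7e]+"  # assumption: placeholder values contain no spaces

# Key formats copied from this page (multi-manager and VMware keys omitted).
FORMATS = [re.compile(p) for p in (
    rf"immgr\.proxy_user\.{P}",
    r"immgr\.(initial|client)_secret",
    rf"action\.user\.{P}",
    rf"Blackbox\.{P}\.(proxy_user|basic_auth)\.{P}",
    rf"Blackbox\.{P}\.bearer_token",
    r"Promitor\.(resource_discovery|scraper)\.env\.AUTH_APPKEY",
    rf"OracleDB\.user\.{P}",
    rf"OracleDB\.host\.{P}\.listener\.{P}\.user\.{P}",
    rf"Webscena\.user\.{P}",
)]


def preflight(key, secret, existing_keys):
    """Return findings for a planned `jimasecret -add`; an empty list means OK."""
    findings = []
    for name, value in (("key", key), ("secret", secret)):
        if not ALLOWED.fullmatch(value):
            findings.append(f"{name}: must be at most 1,024 chars in 0x20-0x7e")
    if not any(f.fullmatch(key) for f in FORMATS):
        findings.append("key: matches no documented format (the command does not check)")
    if key in existing_keys:
        findings.append("key: already registered, -add will overwrite without asking")
    elif len(existing_keys) >= MAX_SECRETS:
        findings.append("store: 1,000-secret limit reached")
    return findings


# Constructed sample: keys as `jimasecret -list` would print them.
listed = ["Blackbox.http1.basic_auth.w-user01", "immgr.proxy_user.user01"]

if __name__ == "__main__":
    for k in ("Blackbox.http1.proxy_user.p-user01",   # new, well-formed
              "Blackbox.http1.proxy _user.p-user01",  # stray space in the key
              "immgr.proxy_user.user01"):             # would overwrite
        print(k, "->", preflight(k, "password01", listed) or "ok")
```

Pass the output of jimasecret -list, one key per line, as existing_keys.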