Attention: This feature is in Early Adopter Program (EAP) release status. We will continue the development of additional features and
provide additional interfaces via patch updates and future releases. Please contact
Micro Focus SupportLine if you require further clarification.
To encrypt sensitive material stored in the database configuration file, enable it to use a secrets vault.
-
Set the following environment variable to the value of the intended secrets vault:
MFDBFH_VAULT=<vault-name>
Note: If you do not set this variable, the vault used defaults to the default vault specified in
secrets.cfg - see
Vault Facility for more information.
-
Set the database configuration file to be vault-enabled:
dbfhconfig vault -file:<file-name>
When a configuration file is vault-enabled, passwords and connection strings are not visible as plain text.
<datastores usevault="true">
<server name="localhost:50000" type="db2" access="odbc">
<dsn name="DB2.VSAM" type="datastore" dsname="VSAM" optio="none +ooseq" dbname="MYMFFILS" connect="$$vault$$"/>
<dsn name="DB2.SEQ" type="datastore" dsname="VSAM" optio="none +ooseq" bitism:"32" userid="db2admin" password="$$vault$$"/>
<dsn name="DB2.ESDEMO" type="region.cas" region="ESDEMO" feature="all" dbname="MYMFFILS" connect="$$vault$$"/>
<dsn name="DB2.CROSSREGION" type="crossregion.cas" dsname="$XREGN$" dbname="MYMFFILS" connect="$$vault$$"/>
</server>
</datastores>