Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info
titlePasswords encrypted at rest
Session passwords are encrypted at rest (on the file in disk) during the save using Windows DPAPI (user-based) encryption. These profile files will therefore only ever be able to be used and decrypted by the Windows user who saved them. 

Include Passwords


Note
titleNote

Only Profile files stored in the Windows users AppData directory under sub folders 'WhereScape\RED' will be shown on the RED Login screen.


Tip
titleTip

The users' AppData location can be found by typing %APPDATA% into the address bar of a Windows browser and pressing enter.

Tips for Using OAuth or similar authentication methods

...

Code Block
languagepowershell
titleDPAPI Encrypt
linenumberstrue
collapsetrue
Add-Type -AssemblyName System.Security

$myPass = "myp@ssw0rd!"

# Convert the pwd string to a byte array.
$bytes = [System.Text.Encoding]::Unicode.GetBytes($myPass)

# Encrypt the byte array.
$encryptedBytes = [System.Security.Cryptography.ProtectedData]::Protect(
        $bytes, 
        $null, 
        [System.Security.Cryptography.DataProtectionScope]::CurrentUser)

# This is the equivalent form stored in the Profile files for RED
$encryptedProfilePassword=[System.Convert]::ToBase64String($encryptedBytes)

Write-Output $encryptedProfilePassword
If for 

...

some reason you need to decrypt the profile file passwords in a script the below method shows how to do this. Note that only the same Windows User that encrypted the password in the first place will be able to decrypt it.

Example PowerShell script to decrypt Windows DPAPI encrypted base64 Unicode string:

...

Code Block
languagejava
titleProfile JSON
collapsetrue
{
 "connections": [{
   "connectionName": "Tutorial (OLTP)",
   "connectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;database=WslTutorial_DataSeq;",
   "password": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA",
   "userId": "red1"
  }, {
   "connectionName": "SQL_Target",
   "connectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;database=sql15_9010_pg;",
   "password": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA",
   "userId": "red1"
  }, {
   "connectionName": "PostgreSQL_Target",
   "connectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;database=pg15_9010;",
   "password": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA",
   "userId": "reduser_user"
  }, {
   "connectionName": "WslTutorial_DataSeq",
   "connectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;",
   "password": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA",
   "userId": "red1"
  }
 ],
 "redConnectionMethod": "Advanced Connect",
 "redConnectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;database=sql15_9010_pg;",
 "redDatabase": "sql15_9010_pg",
 "redDsn": "sql15",
 "redDsnArchitecture": "64",
 "redServer": "",
 "redServerPort": "",
 "redUserId": "red1",
 "redUserPwd": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA"
}



Using Profiles


The following Environment Variables are created at run-time for Scripts associated to ODBC, Database and Extensible Source Connections:
Where User, Password and Connection Strings are set from the current RED session credentials in the in-memory Profile.
WSL_<META|TGT|SRC>_CONSTRING contains the complete connection string with tokens $DSN$, $USER$, $PASSWORD$ replaced.
 


Metadata

Target

Source

WSL_META_DSN

WSL_TGT_DSN

WSL_SRC_DSN

WSL_META_DSN_ARCH

WSL_TGT_DSN_ARCH

WSL_SRC_DSN_ARCH

WSL_META_SERVER

WSL_TGT_SERVER

WSL_SRC_SERVER

WSL_META_DBID

WSL_TGT_DBID

WSL_SRC_DBID

WSL_META_USER

WSL_TGT_USER

WSL_SRC_USER

WSL_META_PWD

WSL_TGT_PWD

WSL_SRC_PWD

WSL_META_CONSTRING

WSL_TGT_CONSTRING

WSL_SRC_CONSTRING


Anchor
_using_advanced_connect_with_command_lin
_using_advanced_connect_with_command_lin
Using Advanced Connect with Command Line Tools


Dedicated Command Line Interface (RedCli.exe)


For RedCli commands that only perform RED Metadata operations use:
--meta-con-string "<connection string>"
For 'RedCli Deployment' commands a full Profile file will be required since both Metadata and Target connections will need to be established
--red-profile "<full path to Profile file>"


Note
titleNote

When using --red-profile the other --meta- arguments become optional since they can be retrieved from the Profile.


RED Client Command Line (med.exe)


For med.exe batch commands the connection string can be provided using:
--meta-con-string "<connection string>"
Batch documentation creation example:


Code Block
med.exe --create-docs --output-dir "C:\temp\my_doco" --meta-dsn "sql15" --meta-dsn-arch "64" 
--meta-user-name "red1" --meta-password "mypass" --meta-con-string 
"dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;database=sql15;"


Note
titleNote

When using --meta-con-string argument both --meta-dsn and --meta-dsn-arch are still required but the other --meta- arguments become optional depending on your specific connection string requirements.


Anchor
_enabling_advanced_connect_on_extensible
_enabling_advanced_connect_on_extensible
Enabling Advanced Connect on Extensible Source Connections


To enable Advanced Connect on an Extensible Source Connection you need to edit the UI Configuration for the connection. The new fields are shown below which enables the session credentials and connection string fields, enabling either of these fields will flag the connection as Advanced Connect. See the section Creating the Example Extensible Source Connection Set for more information.
Image Added


Note
titleNote

The Session Credentials fields can be enabled without enabling the Connection String field for Extensible Source Connections. This is due to Extensible Source Connections are designed to be flexible and sometimes the Connection String is not needed or is already covered by another configured field. When enabling the Connection String field you must also have Session Credentials enabled too.