Versions Compared

Old Version 1

changes.mady.by.user Nadja Pollard

Saved on

compared with

New Version 2

changes.mady.by.user eric revollo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The fields labelled "Session .." are never stored in the metadata and only persist, in-memory, for the duration of the user's session of RED. 

Additionally, the users and passwords entered in the Scheduler Configuration screen in RED are never stored in the metadata and only persist, in-memory, for the duration of the user's session of RED. 

Scheduler ConfigurationImage Modified

...

  • $DSN$ - replaced at runtime with the ODBC Data Source Name of the connection.
  • $USER$ - replaced at runtime with the Session User Id of the connection.
  • $PASSWORD$ - replaced at runtime with Session Password of the connection.
  • $AUTHTKN_1$ - replaced at runtime with the value of the first defined token.
  • $AUTHTKN_2$ - replaced at runtime with the value of the second defined token.
  • $AUTHTKN_3$ - replaced at runtime with the value of the third defined token.

Profiles and Session Credentials

For each ODBC, Database or Extensible Source Connection RED maintains an in-memory credential set including the username, password, and connection string for each connection. This in-memory credential set is what we term the ‘Profile’ for authentication during the session of RED.

Additionally the Scheduler Configuration credentials are also stored in-memory for the session and included in the Profile when saving it to disk.

The in-memory  profile  is session based and therefore the credentials are specific to the user logged on during that session. The connection string itself is however stored in the metadata so that each RED user still uses the same authentication method as other users while in the RED UI.

Saving Profiles to Disk

Profiles can be saved to disk so that users need not enter usernames and passwords into each of their connections whenever they log in to RED.

To save a Profile including session passwords, right click on the Connections node in the objects tree and select 'Save Profile'

...

Select a name to save the file as and choose to  Include Session Passwords. To ensure that all credentials are stored then make sure to open each connection and set the session credentials prior to saving the  Profile.

Info
titlePasswords encrypted at rest
Session passwords are encrypted at rest (on the file in disk) during the save using Windows DPAPI (user-based) encryption. These profile files will therefore only ever be able to be used and decrypted by the Windows user who saved them. 

...

Info

The following example has had passwords truncated for display purposes.


Code Block
languagejavajson
titleProfile JSON
collapsetrue
{
   "connections": [
    {
         "connectionName": "Tutorial (OLTP)",
         "connectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;database=WslTutorial_DataSeq;",
         "password": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA",
         "userId": "red1"
      },
    {
         "connectionName": "SQL_Target",
         "connectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;database=sql15_9010_pg;",
         "password": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA",
         "userId": "red1"
      },
    {
         "connectionName": "PostgreSQL_Target",
         "connectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;database=pg15_9010;",
         "password": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA",
         "userId": "reduser_user"
      },
    {
         "connectionName": "WslTutorial_DataSeq",
         "connectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;",
         "password": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA",
         "userId": "red1"
      }
   ],
   "redConnectionMethod": "Advanced Connect",
   "redConnectionString": "dsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;database=sql15_9010_pg;",
   "redDatabase": "sql15_9010_pg",
   "redDsn": "sql15",
   "redServer": "",
  "redServerPort": "",
  "redUserId": "red1",
  "authConfig": {
    "authScriptCommand": "powershell -executionpolicy bypass -f authscript.ps1",
    "authExpiresAfterMins": 60,
    "authUrl": "https://test.com",
    "customProperty": "",
    "accessTokenExpiryTime": "2025-07-03T10:51:00",
    "refreshTokenExpiryTime": "2025-07-03T10:51:00"
  },
  "redDsnArchitecture": "64",
 "redServer
  "authTokens": {
    "token_1": {
      "value": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAaXbH2rKfq0qz2x8mcZDgoAAAAAACAAAAAAAQZg",
      "displayName": "Access Token"
    },
    "token_2": {
      "value": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAaXbH2rKfq0qz2x8mcZDgoAAAAAACAAAAAAAQZg",
      "displayName": "Refresh Token",
 "redServerPort
    },
    "token_3": {
      "value": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAaXbH2rKfq0qz2x8mcZDgoAAAAAACAAAAAAAQZg",
 "redUserId      "displayName": "red1",
 JWT"
    }
  }, 
  "redUserPwd": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAK9Z1yRvrzEOIvwCfKZ96UAAAAAACAAAAAAAQZgAA"
}

...