
Class: Secrets

The built-in functions in the Secrets package allow you to store and retrieve secrets in storages that are managed by Content Server. There are two types of secrets: local and global. In general, local secrets apply to specific Content Server hosts only. However, not all secrets stored with PutLocal() are truly local; whether a specific secret is truly local must be determined case by case according to the nature of that secret. For example, the Content Server database password is not local in nature: changing it requires restarting all Content Server hosts after the change has been synchronized among them. The Web Administrator password is not local either; otherwise, Content Server administrators would have to use different passwords on different hosts to configure the same Content Server system. This is no different from the settings in the opentext.ini file, some of which are local and some of which are not. If a secret is not truly local to a specific host, changing it requires synchronizing the change and then restarting all hosts.

Depending on the running environment, some secrets may be read only. For example, not all secrets can be stored or updated using this package's Put() and PutLocal() methods in the container environment. Overall, the methods for global secrets are similar to CAPI's IniDelete(), IniGet() and IniPut() and the methods for local secrets are similar to the corresponding functions provided by $KERNEL.SystemPreferences. The big differences are that secret values are of type String rather than Dynamic; section and keyword are always case sensitive, even for the local versions; and the return value is Undefined if there is no secret for the section/keyword specified. Most importantly, the passed secret is automatically encrypted when stored and decrypted before it is returned. It is guaranteed that the retrieved secret is exactly the same as it was passed into the Put() or PutLocal() method.

The major functionalities offered in the Secrets package are the following:

The majority of these functions require a pair of String parameters, section and keyword, and for each of these parameters, the content of the String is limited as follows:

  • It must be composed solely of the basic alphanumeric characters { A-Za-z0-9 } plus the underscore { _ }, hyphen or minus sign { - }, and the period or full stop { . }.
  • It must begin with an alphabetic character { A-Za-z }.
  • The minimum length is 1 character and the maximum length is 128 characters.
  • As mentioned above, it is treated in a case-sensitive manner. For example, "KEYWORD1", "Keyword1", and "keyword1" are all distinct and would refer to different secrets within a given section.

Class Methods

CheckCryptoMark( CAPILOGIN login )

Checks if "OTHOME/config/secrets/key.bin" has the correct content. Internal use only.

Delete( CAPILOGIN login, String section, String keyword )

Deletes one global secret for the keyword in the section specified.

DeleteLocal( String section, String keyword )

Deletes one local secret for the keyword in the section specified.

Get( CAPILOGIN login, String section, String keyword )

Retrieves one global secret from the global secret storage.

GetKeys( CAPILOGIN login )

Retrieves a RecArray with one row for each key (that is, each section/keyword combination) defined in the underlying secret storages for both local and global secrets.

GetLocal( String section, String keyword )

Retrieves one local secret from the local secret storage.

IsReadOnly( CAPILOGIN login, String section, String keyword )

Tests if the global secret for the specified section/keyword is read only or not.

IsReadOnlyLocal( String section, String keyword )

Tests if the local secret for the specified section/keyword is read only or not.

Put( CAPILOGIN login, String section, String keyword, String val )

Stores one secret in the global secret storage.

PutLocal( String section, String keyword, String val )

Stores one secret in the local secret storage.

SetCryptoMark( CAPILOGIN login )

Inserts into the KSecrets table a certain string for checking if "OTHOME/config/secrets/key.bin" has the correct content. Internal use only.

Class Methods

CheckCryptoMark

Integer CheckCryptoMark( CAPILOGIN login )

Checks if the KSecrets table has a certain string used to check if "OTHOME/config/secrets/key.bin" has the correct content. If so, this function tries to decrypt the string. If an error occurs while checking or decrypting, or the decrypted value is not as expected, this function logs a message informing the user to copy over the key.bin of the original instance and restart Content Server, then causes the Content Server service to stop. If the string is not in KSecrets, this function instead checks if key.bin has the correct content by checking if it can decrypt all the values in KSecrets. If so, it inserts the string into KSecrets.

Warning: This function is not intended for general use. It is for internal use only. This function accesses the database associated with the login parameter; misuse could render the system inoperative.

Parameters

login

The CAPILOGIN object.

Returns:

Integer 0

Delete

Integer Delete( CAPILOGIN login,
                String section,
                String keyword )

Deletes one global secret for the section/keyword specified. Does nothing if there is no such secret.

Parameters

login

The CAPILOGIN object.

section

A string specifying the section to affect in the secret storage.

keyword

A string specifying the keyword to delete from the specified section.

Returns:

An Integer 0 if successful, an error otherwise.

DeleteLocal

Integer DeleteLocal( String section,
                     String keyword )

Deletes one local secret for the section/keyword specified. Does nothing if there is no such secret.

Parameters

section

A string specifying the section to affect in the secret storage.

keyword

A string specifying the keyword to delete from the specified section.

Returns:

An Integer 0 if successful, an error otherwise.

Get

String Get( CAPILOGIN login,
            String section,
            String keyword )

Retrieves one global secret, if any, from the global secret storage for the section/keyword specified.

Parameters

login

The CAPILOGIN object.

section

A string specifying the section in which the keyword is located.

keyword

A string specifying the keyword whose secret is to be retrieved.

Returns:

The string value of the secret for the given keyword in the specified section if successful; Undefined if no such secret exists; or an error otherwise.

GetKeys

RecArray GetKeys( CAPILOGIN login )

Retrieves a RecArray with one row for each key (that is, each section/keyword combination) defined in the underlying secret storages for both local and global secrets. The columns included are 'Section' and 'Keyword' (both String values), 'Global' (Boolean value, true if global, false if local), and 'ReadOnly' (Boolean value). No values are returned.

Parameters

login

The CAPILOGIN object.

Returns:

The RecArray value with one row for each secret stored in the underlying secret storages, local and global.

Example

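Dynamic result
Dynamic rec
Object prgCtx

// Get a program context; its fDbConnect.fLogin is the CAPILOGIN passed to GetKeys()
Assoc checkVal = $LLIApi.PrgSession.GetPrgCtx( 'Admin' )

if ( checkVal.ok )
    prgCtx = checkVal.pSession

    // One row per section/keyword pair; GetKeys() returns no secret values
    result = Secrets.GetKeys( prgCtx.fDbConnect.fLogin )

    if ( IsNotError( result ) )
        for rec in result
            Echo( rec )
        end
    end
end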

Output:

16:55:06,168 INFO  R<'Section'='a','Keyword'='b1','Global'=true,'ReadOnly'=false>
16:55:06,168 INFO  R<'Section'='general','Keyword'='AdminPwd','Global'=false,'ReadOnly'=false>
16:55:06,168 INFO  R<'Section'='dbconnection:main','Keyword'='password','Global'=false,'ReadOnly'=false>
16:55:06,168 INFO  R<'Section'='a','Keyword'='b2','Global'=false,'ReadOnly'=false>
16:55:06,168 INFO  R<'Section'='another','Keyword'='k1','Global'=false,'ReadOnly'=false>

GetLocal

String GetLocal( String section,
                 String keyword )

Retrieves one local secret, if any, from the local secret storage for the section/keyword specified.

Parameters

section

A string specifying the section in which the keyword is located.

keyword

A string specifying the keyword whose secret is to be retrieved.

Returns:

The string value of the secret for the given keyword in the specified section if successful; Undefined if no such secret exists; or an error otherwise.

Example

Dynamic result

result = Secrets.GetLocal('general', 'AdminPwd')
Echo( result )

// No secret is stored under 'adminpwd', so this call returns Undefined
result = Secrets.GetLocal('general', 'adminpwd') // Note that section and keyword are case sensitive!
Echo( result )

Output:

21:21:33,822 INFO  1$UDe8fmYyXeyMXnAvfBo0KOmRUpuERThKjqccm|Rm4Z56wFHjg0cBm0nxqrTvjOWz0GBxJqR9JHr|U|BmX6w6fg==$EynFthPsK5ZWGzff34Ui7YV0bYItSSzX5pKDquHgK|Ld6q06KmqOOCd+lfZJr2rSeqNuvyAcyeTw70qkw4Pg|w==
21:21:33,823 INFO  ?

IsReadOnly

Boolean IsReadOnly( CAPILOGIN login,
                    String section,
                    String keyword )

Tests if the global secret for the specified section/keyword is read only or not.

Parameters

login

The CAPILOGIN object.

section

A string specifying the section in which the keyword is located.

keyword

A string specifying the keyword to be tested.

Returns:

TRUE if the secret is read only; FALSE if it is writable; Undefined if no such secret exists; or an error otherwise.

IsReadOnlyLocal

Boolean IsReadOnlyLocal( String section,
                         String keyword )

Tests if the local secret for the specified section/keyword is read only or not.

Parameters

section

A string specifying the section in which the keyword is located.

keyword

A string specifying the keyword to be tested.

Returns:

TRUE if the secret is read only; FALSE if it is writable; Undefined if no such secret exists; or an error otherwise.

Put

Integer Put( CAPILOGIN login,
             String section,
             String keyword,
             String val )

Stores one secret with the specified section/keyword in the global secret storage.

Parameters

login

The CAPILOGIN object.

section

A string specifying the section in which the keyword is located.

keyword

A string specifying the keyword under which the secret is stored.

val

A string specifying the plaintext value of the secret.

Returns:

An Integer 0 if successful; an error otherwise.

PutLocal

Integer PutLocal( String section,
                  String keyword,
                  String val )

Stores one secret with the specified section/keyword in the local secret storage.

Parameters

section

A string specifying the section in which the keyword is located.

keyword

A string specifying the keyword under which the secret is stored.

val

A string specifying the plaintext value of the secret.

Returns:

An Integer 0 if successful; an error otherwise.
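
A guarded write built only from the calls documented on this page, as an added example that is not OpenText's own code: it tests IsReadOnlyLocal() first (secrets may be read only in the container environment), stores with PutLocal(), then reads back with GetLocal() to confirm the round trip. The function name PutLocalChecked and the Assoc fields ok and errMsg are assumptions made for this illustration.

```oscript
// Added example. PutLocalChecked, rtn.ok and rtn.errMsg are hypothetical
// names; only the Secrets.* calls come from the documentation above.
function Assoc PutLocalChecked( String section, String keyword, String val )

    Assoc   rtn = Assoc.CreateAssoc()
    Dynamic ro
    Dynamic status
    Dynamic readBack

    rtn.ok = FALSE

    // IsReadOnlyLocal() has four outcomes: TRUE, FALSE, Undefined (no such
    // secret yet) or an error. Only TRUE and an error block the write.
    ro = Secrets.IsReadOnlyLocal( section, keyword )

    if ( IsError( ro ) )
        rtn.errMsg = 'Could not test the read-only state'
        return rtn
    elseif ( ro == TRUE )
        rtn.errMsg = 'Secret is read only in this environment'
        return rtn
    end

    status = Secrets.PutLocal( section, keyword, val )

    if ( IsError( status ) )
        rtn.errMsg = 'PutLocal returned an error'
        return rtn
    end

    // Read back using exactly the same case: section and keyword are case
    // sensitive, and a differently cased keyword returns Undefined.
    readBack = Secrets.GetLocal( section, keyword )

    if ( IsError( readBack ) )
        rtn.errMsg = 'GetLocal returned an error'
    elseif ( IsUndefined( readBack ) )
        rtn.errMsg = 'No secret found after PutLocal'
    elseif ( readBack != val )
        rtn.errMsg = 'Stored secret differs from the value passed in'
    else
        rtn.ok = TRUE
    end

    // Only a status is returned; the secret value is never echoed or logged.
    return rtn
end
```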

SetCryptoMark

Integer SetCryptoMark( CAPILOGIN login )

Inserts into the KSecrets table a certain string for checking if "OTHOME/config/secrets/key.bin" has the correct content.

Warning: This function is not intended for general use. It is for internal use only. This function accesses the database associated with the login parameter; misuse could render the system inoperative.

Parameters

login

The CAPILOGIN object.

Returns:

An Integer 0 if successful; an error otherwise.

 Copyright © 2022 OpenText Corporation. All rights reserved.