Username, Password, and Key
The Username, Password, and Key credential type represents a full authentication triple used to authenticate with external (remote) systems that require both password and key authentication.
This method enforces the highest level of credential-based authentication supported in UDMG. The credential type supports both encrypted and unencrypted private keys.
A Username, Password, and Key credential consists of:
- Username: The login or service identity used for authentication.
- Private Key: The SSH private key used for key-based authentication.
- Password: The associated password used for authentication.
- Private Key Passphrase: The optional passphrase to decrypt the private key. If left blank, the key is not encrypted.
UDMG supports several key types and verifies that each key is in the correct format when saved. These keys are Username, Password, and Key stored securely and their values are masked in the UDMG Admin UI, and can only be retrieved via the API.
Use Case
| # | Use Case | Referenced By | Purpose |
|---|---|---|---|
| 1 | External SFTP Server Authentication | A Pipeline with a Remote SFTP Server Endpoint | Allows UDMG to authenticate to an external (remote) SFTP server when UDMG is acting as an SFTP client. The external SFTP server requires key and password based authentication. |
External SFTP Server Authentication (Dual)
When UDMG acts as an SFTP client, it can use a Username, Password, and Key Credential to authenticate with an external SFTP server that supports key authentication.
Implementation
- A username, password, and private key are generated outside of UDMG (e.g., by the administrator of the external SFTP server and your organization, respectfully).
- A new Credential (with Type: Username, Password, and Key) is added on the Credentials page with the content from Step 1.
- A new or existing Pipeline configuration (with Source Endpoint or Destination Endpoint set to Remote SFTP Server Endpoint) can now reference this Credential from the Credentials Name field.
- When UDMG initiates a connection to the external SFTP server, it uses the referenced Credential to authenticate itself.
UDMG automatically derives and uses the corresponding public key from the private key entered.
Adding a Username, Password, and Key
To add a Username, Password, and Key, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click Add Credential.
- Select Username, Password, and Key as the Credential Type.
- Enter an identifying Name and Description, and optionally Valid From and Valid To dates.
- Enter or paste in the Username, Password, Private Key, and Private Key Passphrase based on the use case.
- Click Add.
Each Username, Password, and Key must be properly created to be referenced by other Configuration Items.
Field Descriptions
The following table lists all fields that can be completed when adding (or editing) a Username, Password, and Key:
| Name | Description | Specifications | Required |
|---|---|---|---|
| Type | Type of Credential. Select: Username, Password, and Key. | Cannot be modified after creation. | Yes |
| Name | The name of the Username, Password, and Key. |
| Yes |
| Description | The description of the Username, Password, and Key. | No | |
| Valid From | Date when the Credential becomes valid. | Cannot be later than Valid To date. | No |
| Valid To | Date when the Credential becomes invalid. info UDMG does not use or check the dates provided. The dates entered are only meant to help Users keep track of expiration dates. | Cannot be earlier than Valid From date. | No |
| Username | The username used to log into the external SFTP server (the remote account you authenticate with as provided by the external SFTP server partner). | Must be at least 1 character. | Yes |
| Password | The password to log into the external SFTP server (the remote account you authenticate with as provided by the external SFTP server partner) or Bind DN password. |
| Yes |
| Private Key | Raw cryptographic data of the private key. |
| Yes |
| Private Key Passphrase | The passphrase used to decrypt your private key. Leave blank if your key is not encrypted. | Values are masked and encrypted after saving. | No |
Editing a Username, Password, and Key
To edit a Username, Password, and Key, follow these steps:
- From the Sidebar, select Configuration > Credentials.
- Click the Credential Name you want to edit.
- Click the Edit button above the Credentials details to edit the specific fields.
- Edit details for the Credentials, using the Field Descriptions above as a guide.
- Click Update.
Managing Username, Password, and Keys
Viewing Username, Password, and Key Details
To view the details of a Username, Password, and Key, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click the Name of the Username, Password, and Key you want to view. You will see a table with the Credential details.
Username, Password, and Key Metadata
Username, Password, and Key details include all parameters given in the Field Descriptions table above, plus the following read-only metadata:
| Name | Description |
|---|---|
| UUID | Universally Unique Identifier of this Username, Password, and Key. |
| Enabled | Credentials Enabled status. If enabled, field is set to True. |
| Version | Version number of the latest configuration of the Credential. Every change increases the number. |
| Created | Date and time this Username, Password, and Key was created. |
| Updated | Date and time this Username, Password, and Key was last updated. |
Enabling and Disabling Username, Password, and Keys
Username, Password, and Keys can be Enabled or Disabled to control their active status and ability to participate in file transfers. The status is defaulted to Enabled and can be changed after creation.
- Enabled (default): The Username, Password, and Key is active and available for use.
- Disabled: The Username, Password, and Key is not active and unavailable for use.
To enable or disable a Username, Password, and Key, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click the Name of the Username, Password, and Key you want to enable/disable.
- Click the Enable or Disable button above the Username, Password, and Key details, depending on the current status.
Deleting a Username, Password, and Key
To delete a Username, Password, and Key, follow these steps:
- From the Sidebar, click Configuration > Credentials.
- Click the Name of the Credential you want to delete.
- Click the Delete button above the Credential details.
- You will be asked to confirm the deletion. Click Delete.
If a Credential is currently assigned to a Configuration Item (Pipeline) or LDAP, then it cannot be deleted. You must first remove the Credential from the specific Configuration Item(s) it is assigned to, then go back to the Credentials page to delete the Credential.