A credential object stores authentication information. This is typically the combination of user name and password associated with a user account on the operating system where the FlowForce Server job runs. It can also be a set of HTTP or FTP credentials, or OAuth security details.
FlowForce Server supports the following protocols:
•SFTP (Advanced Edition)
Credentials can be of the following type:
•Password (the combination of a username and password)
Credentials of type password are required by each job; they make it possible to run the job as a particular operating system user. Specifically, when you create a job in FlowForce Server, you must supply the credentials of the user account with which the job must be executed. Note that if the user account does not have sufficient rights on the operating system, the job cannot execute successfully. Password credentials are also required when calling built-in FTP functions, where authorization to an FTP server is required. File watch triggers also require password credentials.
Credentials of type OAuth 2.0 are necessary in jobs that call Web services where OAuth 2.0 authentication is required.
In FlowForce Server, you can define credentials either every time when you create a new job (referred to as local credentials), or as standalone (reusable) credential objects. In the latter case, when creating a job, you can refer to the credentials defined previously instead of entering them again. Standalone credentials are also convenient because you can update them easily in one place when they change. In other words, when you update a standalone credential, the change affects all jobs that use that credential reference.
OAuth 2.0 credentials can be defined only as standalone (not local) credentials, and subsequently be referenced from any jobs where they are required.
SSH Key is a credential type that is valid only for SFTP. The main principle of this type is based on the usage of a unique pair of keys: the public key encrypts the message, the server receives it, and the private key helps decrypt this message. To create an SSH Key credential, click Browse (see the screenshot below) and select the SSH key. The file should be a DSA or RSA key in PEM format. If necessary, provide the passphrase.
The credential can be used to authenticate SFTP connections. For details, see the section /system/sftp.
The screenshot below illustrates this feature, with the RSA key already imported in the Credential section.
•Users can refer to credentials from jobs only if they have the relevant permissions granted. To make credentials from a specific container accessible to a user or to a role, administrators must grant the Credentials - Use permission to that user or role (see How Permissions Work).
•Because the clear text password needs to be sent to the operating system's login function, passwords are stored in a reversible encrypted form in the FlowForce Server database. The administrator should make sure to restrict access to the FlowForce Server's database file, see FlowForce Server Application Data.
If you have licensed MapForce and MapForce Server in order to run mappings as FlowForce Server jobs, you can create credential objects not only in FlowForce Server, but also in MapForce, at mapping design time. You can optionally deploy credentials created in MapForce to FlowForce Server, either together with the mapping where they belong, or as individual objects. A deployed credential does not necessarily have to store any sensitive data such as username and password (although it can, depending on your choice).
For information about creating credentials in MapForce and deploying them to FlowForce Server, refer to MapForce documentation (https://www.altova.com/documentation). For instructions about creating and using credentials in FlowForce Server, see Defining Credentials and Referring to Credentials from Jobs. For details about setting or overriding credentials in mapping jobs, see Credentials in Mapping Functions.