SR3 CREDENTIALS
SR3 Credential File Format
- manual section:
7
- Date:
Nov 18, 2024
- Version:
3.00.57rc0
- Manual group:
MetPX-Sarracenia
CONFIGURATION
One normally does not specify passwords in configuration files. Rather they are placed in the credentials file:
edit ~/.config/sr3/credentials.conf
For every url specified that requires a password, one places a matching entry in credentials.conf. The broker option sets all the credential information to connect to the RabbitMQ server
broker amqp{s}://<user>:<pw>@<brokerhost>[:port]/<vhost>
(default: amqps://anonymous:anonymous@dd.weather.gc.ca/ )
For all sarracenia programs, the confidential parts of credentials are stored only in ~/.config/sarra/credentials.conf. This includes the destination and the broker passwords and settings needed by components. The format is one entry per line. Examples:
amqp://user1:password1@host/
amqps://user2:password2@host:5671/dev
amqps://usern:passwd@host/ login_method=PLAIN
sftp://user5:password5@host
sftp://user6:password6@host:22 ssh_keyfile=/users/local/.ssh/id_dsa
ftp://user7:password7@host passive,binary
ftp://user8:password8@host:2121 active,ascii
ftps://user7:De%3Aize@host passive,binary,tls
ftps://user8:%2fdot8@host:2121 active,ascii,tls,prot_p
ftp://user8:%2fdot8@host:990 implicit_ftps
https://ladsweb.modaps.eosdis.nasa.gov/ bearer_token=89APCBF0-FEBE-11EA-A705-B0QR41911BF4
In other configuration files or on the command line, the url simply lacks the password or key specification. The url given in the other files is looked up in credentials.conf.
Credential Details
You may need to specify additional options for specific credential entries. These details can be added after the end of the URL, with multiple details separated by commas (see examples above).
Supported details:
ssh_keyfile=<path>
- (SFTP) Path to SSH keyfilepassive
- (FTP) Use passive modeactive
- (FTP) Use active modebinary
- (FTP) Use binary modeascii
- (FTP) Use ASCII modessl
- (FTP) Use SSL/standard FTPtls
- (FTP) Use FTPS with TLSprot_p
- (FTPS) Use a secure data connection for TLS connections (otherwise, clear text is used)bearer_token=<token>
(orbt=<token>
) - (HTTP) Bearer token for authenticationlogin_method=<PLAIN|AMQPLAIN|EXTERNAL|GSSAPI>
- (AMQP) By default, the login method will be automatically determined. This can be overriden by explicity specifying a login method, which may be required if a broker supports multiple methods and an incorrect one is automatically selected.implicit_ftps
- (FTPS) Use implicit FTPS (otherwise, explicit FTPS is used). Setting this will also settls
to True.
- Note::
SFTP credentials are optional, in that sarracenia will look in the .ssh directory and use the normal SSH credentials found there.
These strings are URL encoded, so if an account has a password with a special character, its URL encoded equivalent can be supplied. In the last example above, %2f means that the actual password isi: /dot8 The next to last password is: De:olonize. ( %3a being the url encoded value for a colon character. )
SEE ALSO
sr3(1) - Sarracenia main command line interface.
sr3_post(1) - post file notification messages (python implementation.)
sr3_cpost(1) - post file announcemensts (C implementation.)
sr3_cpump(1) - C implementation of the shovel component. (copy messages)
Formats:
sr3_options(7) - the configuration options
sr3_post(7) - the format of notification messages.
Home Page:
https://metpx.github.io/sarracenia - Sarracenia: a real-time pub/sub data sharing management toolkit