SR3 CREDENTIALS

SR3 Credential File Format

manual section:

7

Date:

May 10, 2024

Version:

UNKNOWN

Manual group:

MetPX-Sarracenia

CONFIGURATION

One normally does not specify passwords in configuration files. Rather they are placed in the credentials file:

edit ~/.config/sr3/credentials.conf

For every url specified that requires a password, one places a matching entry in credentials.conf. The broker option sets all the credential information to connect to the RabbitMQ server

  • broker amqp{s}://<user>:<pw>@<brokerhost>[:port]/<vhost>

(default: amqps://anonymous:anonymous@dd.weather.gc.ca/ )

For all sarracenia programs, the confidential parts of credentials are stored only in ~/.config/sarra/credentials.conf. This includes the destination and the broker passwords and settings needed by components. The format is one entry per line. Examples:

  • amqp://user1:password1@host/

  • amqps://user2:password2@host:5671/dev

  • amqps://usern:passwd@host/ login_method=PLAIN

  • sftp://user5:password5@host

  • sftp://user6:password6@host:22 ssh_keyfile=/users/local/.ssh/id_dsa

  • ftp://user7:password7@host passive,binary

  • ftp://user8:password8@host:2121 active,ascii

  • ftps://user7:De%3Aize@host passive,binary,tls

  • ftps://user8:%2fdot8@host:2121 active,ascii,tls,prot_p

  • https://ladsweb.modaps.eosdis.nasa.gov/ bearer_token=89APCBF0-FEBE-11EA-A705-B0QR41911BF4

In other configuration files or on the command line, the url simply lacks the password or key specification. The url given in the other files is looked up in credentials.conf.

Credential Details

You may need to specify additional options for specific credential entries. These details can be added after the end of the URL, with multiple details separated by commas (see examples above).

Supported details:

  • ssh_keyfile=<path> - (SFTP) Path to SSH keyfile

  • passive - (FTP) Use passive mode

  • active - (FTP) Use active mode

  • binary - (FTP) Use binary mode

  • ascii - (FTP) Use ASCII mode

  • ssl - (FTP) Use SSL/standard FTP

  • tls - (FTP) Use FTPS with TLS

  • prot_p - (FTPS) Use a secure data connection for TLS connections (otherwise, clear text is used)

  • bearer_token=<token> (or bt=<token>) - (HTTP) Bearer token for authentication

  • login_method=<PLAIN|AMQPLAIN|EXTERNAL|GSSAPI> - (AMQP) By default, the login method will be automatically determined. This can be overriden by explicity specifying a login method, which may be required if a broker supports multiple methods and an incorrect one is automatically selected.

Note::

SFTP credentials are optional, in that sarracenia will look in the .ssh directory and use the normal SSH credentials found there.

These strings are URL encoded, so if an account has a password with a special character, its URL encoded equivalent can be supplied. In the last example above, %2f means that the actual password isi: /dot8 The next to last password is: De:olonize. ( %3a being the url encoded value for a colon character. )

SEE ALSO

sr3(1) - Sarracenia main command line interface.

sr3_post(1) - post file notification messages (python implementation.)

sr3_cpost(1) - post file announcemensts (C implementation.)

sr3_cpump(1) - C implementation of the shovel component. (copy messages)

Formats:

sr3_options(7) - the configuration options

sr3_post(7) - the format of notification messages.

Home Page:

https://metpx.github.io/sarracenia - Sarracenia: a real-time pub/sub data sharing management toolkit