Manage Stored Passwords

The Manage Stored Passwords task is used to securely store passwords and plain text PEM private keys in the Layer7 API Gateway database, where they will be safeguarded in database backups, and can be easily selected in situations where a password is required.
Only plain text PEM private keys are stored in the Manage Stored Passwords task. Asymmetric private keys with certificate chains are stored using the Manage Private Keys task.
Stored passwords also have the added security of allowing you to reference them via context variables. This lets you avoid explicitly stating the password in certain situations. For example, you may have a Return Template Response to Requestor assertion that sends back a password:
<p>Your password is: thisisthepassword </p>
With stored passwords, you can replace it with this:
<p>Your password is: ${secpass.salesgroup.plaintext}</p>
In the first example, the password is stored in the database in plain text, and will be included in any exported policy XML files. In the second example, the password is not visible as plain text and is not included in the policy, preventing it from being leaked during a policy export.
(1) For added security, referencing passwords via context variables is an optional setting that must be explicitly enabled for each password. Once enabled, there is no further security to control its use, so use this feature with care.
(2) To set permissions for stored passwords, select the "Secure Passwords" entity type in the Add Permissions to Role Wizard.
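An added example, not part of the product documentation: a small audit that lists every ${secpass.<name>.plaintext} reference in policy text and compares it with the stored passwords the operator has enabled for context-variable use. The sample text, the names opsgroup and legacyftp, the variable example.other.variable and the assumption that stored password names contain no dots are constructed for illustration.

```python
import re

# Matches the reference form shown on this page: ${secpass.<name>.plaintext}
# Assumption: stored password names contain no dots, braces or whitespace.
SECPASS_REF = re.compile(r"\$\{secpass\.([^.{}\s]+)\.plaintext\}")


def find_references(policy_text):
    """Return {stored password name: [1-based line numbers]} for every reference."""
    refs = {}
    for lineno, line in enumerate(policy_text.splitlines(), start=1):
        for match in SECPASS_REF.finditer(line):
            refs.setdefault(match.group(1), []).append(lineno)
    return refs


def audit(policy_text, enabled_names):
    """Compare references in a policy with the passwords that have
    context-variable access enabled (a list supplied by the operator)."""
    refs = find_references(policy_text)
    enabled = set(enabled_names)
    return {
        # Referenced, but the per-password setting is not on the operator's list.
        "referenced_not_enabled": sorted(set(refs) - enabled),
        # Setting is on, but this policy never uses it: candidate to switch off.
        "enabled_not_referenced": sorted(enabled - set(refs)),
        "locations": refs,
    }


# Constructed sample: a template fragment, not a real policy export.
SAMPLE_POLICY = """\
<p>Your password is: ${secpass.salesgroup.plaintext}</p>
<p>Backup: ${secpass.opsgroup.plaintext} / ${secpass.salesgroup.plaintext}</p>
<p>Contact: ${example.other.variable}</p>
"""

# Constructed list of passwords with context-variable access enabled.
SAMPLE_ENABLED = ["salesgroup", "legacyftp"]

if __name__ == "__main__":
    report = audit(SAMPLE_POLICY, SAMPLE_ENABLED)
    for key in ("referenced_not_enabled", "enabled_not_referenced"):
        print(key, report[key])
    for name, lines in sorted(report["locations"].items()):
        print(f"{name}: lines {lines}")
```

Any name reported under enabled_not_referenced is a stored password whose context-variable setting can be reviewed and, if unused elsewhere, switched off.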
Encryption of stored passwords: The encryption of the encoded stored password uses AES-256 (in CBC mode with PKCS#5 padding and a random IV). The value has the IV prepended and is stored Base-64 encoded. If a Hardware Security Module (HSM) is present, then the password is protected by the HSM.
To manage stored passwords:
  1. In the Policy Manager, select [Tasks] > Certificates, Keys, and Secrets > Manage Stored Passwords from the Main Menu. The Manage Stored Passwords dialog appears.
    The dialog displays details about the passwords being stored, but it will never display the passwords themselves.
    Select a task to perform:
    To add a new password:
      1. Click [Add].
      2. Complete the details for the new password. For details, see Stored Password Properties.
    To remove a password:
      1. Select the password to remove.
      2. Click [Remove].
      3. Click [OK] to confirm. The system will attempt to remove the stored password.
      You cannot remove a password that is being referenced by an HTTP option.
    To edit an existing password or view password properties:
      1. Select the password to edit or view.
      2. Click [Properties].
      3. Modify the password details if required. For details, see Stored Password Properties.
      (1) Editing password details allows you to change the password, but you cannot see the actual password.
      (2) Users with Read-only access to the "secure passwords" entity type can only view (but not modify) password properties.
  2. Click [Close] when done.