Stored Password Properties

When adding or editing a stored password, the Stored Passwords Properties appear. This dialog records details about a new password and it lets you modify details for an existing password.
When adding or editing a stored password, the Stored Passwords Properties appear. This dialog records details about a new password and it lets you modify details for an existing password.
A “password” can be either a plain text password or a plain text PEM private key. All other private keys are stored using the Manage Private Keys task.
To access the properties for a stored password
  1. Run the  Manage Stored Passwords task.
  2. Select a password from the list and then click [
    ]. You can also click [
    ] to enter a new password. Slightly different versions of the Stored Password Properties appear, depending on whether you are adding or editing a password.
  3. Configure the properties as follows:
    Identify the password being stored. You may use letters, numbers, dashes, and underscores.
    Names that contain spaces or periods are valid, but the resulting stored password cannot be referenced via context variable.
    Optionally enter a description of the password.
    When adding a stored password, choose its type from the drop-down list: Password or PEM Private Key.
    When editing a stored password, the type is display only and cannot be changed.
    Confirm Password 
    (Password only)
    Enter a password and then retype it to confirm. The [
    ] button will become active only when both passwords match.
    When editing a password, the Password/Confirm Password fields appear after you click [
    Change Password
    PEM Private Key 
    (PEM Private Key only)
    Enter the PEM private key using any of these methods:
    • Automatically generate:
      Select the Generate check box to have the Policy Manager automatically generate an RSA key and then choose a key size to use. The default key size is 2048 bits.
      Certain clients have a minimum size for the server's host key. CA Technologies recommends against using RSA key sizes below 1024 bits.
      To view the public key, click [
      View Public Key
      ] when editing this key
    • Paste from another source:
      Paste the private key directly into the text box.
    • Load from file:
      Click [
      Load From File
      ] to upload a PEM private key.
      If you see
      "The key must be in PEM private key format",
      this means the uploaded content is not in the expected format. CA Technologies recommends generating this file using OpenSSL. Export the private key from the Gateway in a .p12 format, and then run this OpenSSL command (entire command is one line):
      openssl pkcs12 -in myPrivateKey.p12 -nocerts -nodes -passin pass:X | openssl rsa -out pem_privateKey.pem
    Date of last change 
    (editing only)
    This displays the date and time when the password was last changed. You can use it to help keep track of password changes.
    Change Password
    (editing only)
    Click this to change the password. You will be prompted to enter a new password.
    Permit use via context variable reference
    Select this check box to allow the password details to be referenced by the
    stored password for
    , in plain text.
    Enable this option with care, as there is no way to restrict which passwords can be revealed. This feature is unavailable if the stored password name contains spaces or periods.
    This check box does
    need to be enabled to use the
    variable in system dialog boxes (for example, during LDAP configuration). It is required only if you wish to use the
    variables from policy assertions where the field permits arbitrary context variables.
    As a result, you may leave this check box disabled for maximum security. Policy authors will not be able to access your sensitive stored passwords using policy assertions. However, you retain the flexibility to specify that context variable on non-assertion dialog boxes. Example: When configuring a new LDAP Identity Provider, you can specify the Bind Password in the wizard. You can enter the password in the clear or you can enter "
    {secpass.mybindpassword.plaintext}" even though context variable reference has not been granted for stored passwords.
    View Public Key
    Click this to view the public key in PEM format, where it can be copied and pasted elsewhere.
    Security Zone
    Optionally choose a security zone. To remove this entity from a security zone (security role permitting), choose "No security zone".
    For more information about security zones, see Understanding Security Zones.
    This control is hidden if either: (a) no security zones have been defined, or (b) you do not have Read access to any security zone (regardless of whether you have Read access to entities inside the zones).
  4. Click [
    ] when done.
    If you click [
    ] instead, all changes are discarded, including any pending password changes.