-
-
-
Username and Configuration Setting Encryption
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Username and Configuration Setting Encryption
uberAgent optionally encrypts user and domain names in the agent and has support to encrypt sensitive settings in its configuration.
User and Domain Names
Encryption
User and domain names can be encrypted in the agent before being sent off to the backend. This can be useful for compliance with privacy regulations.
User and domain name encryption is disabled by default. If required, enable it via the configuration setting EncryptUserNames
.
With encryption enabled, user and domain names show up in the backend and in dashboards like this:
Decryption
uberAgent’s download package comes with the command line-tool uAEncrypt.exe
, which can be used to decrypt usernames as shown in the following example:
uAEncrypt.exe -decrypt -keyId 101 -data
Configuration Settings
Configuration settings can optionally be obfuscated or retrieved from the OS-specific credential store. Obfuscation is the older option, but less secure. The OS credential store has been added in uberAgent 7.2 and is the recommended way to store passwords and other sensitive information that is required by uberAgent.
Encryption
Some configuration setting may optionally be retrieved from the OS-specific credential store. To indicate to uberAgent that a setting should be read from the OS credential store, specify its value in the following format: ###UA_CREDENTIAL_SOMENAME###
. When uberAgent encounters the above format in its configuration, it reads the actual value from the setting SOMENAME
in the OS credential store.
Example:
To secure a backend receiver’s REST token, specify it in uberAgent’s configuration as follows:
RESTToken = ###UA_CREDENTIAL_SplunkRESTToken###
Distribute the actual REST token value to the OS credential store (see below) of all endpoints where uberAgent’s configuration references it.
Supported Settings
Encryption is supported for the following configuration settings:
[AzureEventHubsConfiguration]
AzureClientSecret
[CitrixADC_Config]
Password
[CitrixCloud_Config]
ClientSecret
[Receiver]
RESTToken
TLSClientCertificate
Deployment to the OS Credential Store
uberAgent doesn’t handle the deployment of secrets to the endpoint’s OS credential store.
Windows Implementation
The credentials are read from the SYSTEM user’s credential store (more information).
macOS Implementation
Under macOS the credentials are read from the keychain (more information). The keychain items
must be stored in the system keychain, and uberAgent must be exempt from the option Confirm before allowing access
under the tab Access Control
.
Example:
To create a keychain item securing the REST token for Splunk, you can run the following command line:
sudo security add-generic-password -a "Splunk" -s "uberAgent" -w "TOKEN_TO_BE_USED" -T "/Library/uberAgent/uberAgent.app" -U /Library/Keychains/System.keychain
where Splunk
is the keychain item’s account name, uberAgent
is the service name and TOKEN_TO_BE_USED
the REST token. The account name can be chosen freely. If you want to change the default service name uberAgent
, you can do so by adding the configuration option CredentialStoreServiceName
in stanza Miscellaneous
, and passing the name with option -s
as seen in the example above.
Example:
[Miscellaneous]
ConfigFlags = CredentialStoreServiceName:MY_CUSTOM_SERVICE_NAME
Obfuscation
Sensitive settings like passwords can be obfuscated with the command-line tool uAEncrypt.exe
, which is available in the uberAgent download package. The syntax is viewable by running uAEncrypt.exe -?
.
To encrypt MySecretPassword
:
uAEncrypt.exe -encrypt -keyId 1 -data PlaintextData
De-Obfuscation
De-obfuscation is possible with:
uAEncrypt.exe -decrypt -keyId 1 -data ObfuscatedData
Supported Settings
Obfuscation is supported for all configuration settings.
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.