Configure a Secrets Vault for the Micro Focus Database File Handler

To encrypt sensitive material stored in the database configuration file, enable it to use a secrets vault.

When enabled, the connection strings and passwords usually visible as plain text in the configuration file are encrypted. The excerpt below shows how the information is replaced with a $$vault$$ placeholder; this information is encrypted/decrypted implicitly, when required at run time.

  1. Set the following environment variable to the value of the intended secrets vault: 
    MFDBFH_VAULT=<vault-name>
    Note: If you do not set this variable, the vault used defaults to the default vault specified in secrets.cfg - see Vault Facility for more information.
  2. Set the database configuration file to be vault-enabled: 
    dbfhconfig -vault -file:<file-name>
When a configuration file is vault-enabled, passwords and connection strings are not visible as plain text. 
<datastores usevault="true">
   <server name="localhost:50000" type="db2" access="odbc">
      <dsn name="DB2.VSAM" type="datastore" dsname="VSAM" optio="none +ooseq" dbname="MYMFFILS" connect="$$vault$$"/>
      <dsn name="DB2.SEQ" type="datastore" dsname="VSAM" optio="none +ooseq" bitism:"32" userid="db2admin" password="$$vault$$"/>
      <dsn name="DB2.ESDEMO" type="region.cas" region="ESDEMO" feature="all" dbname="MYMFFILS" connect="$$vault$$"/>
      <dsn name="DB2.CROSSREGION" type="crossregion.cas" dsname="$XREGN$" dbname="MYMFFILS" connect="$$vault$$"/>
   </server>
</datastores>
Parent topic: The Database Configuration File
Related reference
Vault Facility