|
Zowe CLI profile data at rest
Morten Schiønning
Hi
I’m a security professional, working for an infrastructure provider for major financial institutions in Denmark. I’m tasked with doing a risk assessment (and subsequent security approval) of Zowe, and, as part of that, Zowe CLI.
I am reading through the documentation and learn that users can create profiles, saving them from retyping, among other things, username and password.
I am lacking a description of how that information is stored. Is it saved in a regular file? Is it in clear text? Please provide as many details as you can J
From what I can tell about the other aspects of operation of Zowe (and Zowe CLI) the culture around seems to be pretty security aware, so I keep my fingers crossed. J
Regards
”De dygtigste vinder sammen, stræber efter enkelhed, fokuseret på kundens bedste”
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: Zowe CLI profile data at rest
Zowe CLI stores credentials in plain text. However, you don't need to always store your credentials in the CLI. Zowe CLI is able to accept credentials from other sources such as environment variables. Using it from automation tools like Jenkins which has its own secure credential storage capability https://jenkins.io/doc/developer/security/secrets/ allows the CLI to consume secure credentials via environment variables. In the case where you're using it from your laptop and you'd like to store your credentials securely, there are 3rd party plugins available for Zowe that accomplish this. Thanks, Sujay Solomon Global Product Manager | Mainframe DevOps Advisor Helping Enterprises Achieve Integrated Mainframe DevOps Broadcom, Pittsburgh, PA |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
Matt Hogstrom
As discussed in the ZLC meeting security is a critical aspect for Zowe as it is in all projects. To increase security all Committers (members of the Zowe organization in GitHub) should have multi-factor authentication enabled.
After July 17th those members of the community that have not enabled MFA in GitHub will have their write access suspended until their account is secured with MFA. ZLC members have binding votes but all are welcome to express their view. Please respond to this e-mail with +1 - Approve 0 - No opinon -1 - Disagree (please respond with specific objections) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-zlc] [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
jlinardon@...
+1
Jean-Philippe Linardon Director, Software Engineering Rocket Software 77 Fourth Avenue • Waltham, MA • 02451 • USA T: +1 781 684 2350 • E: jlinardon@... • W: www.rocketsoftware.com
From: zowe-zlc@... <zowe-zlc@...>
On Behalf Of Matt Hogstrom via Lists.Openmainframeproject.Org
Sent: Wednesday, June 12, 2019 3:16 PM To: zowe-zlc@... Cc: zowe-user@...; zowe-dev@... Subject: [zowe-zlc] [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
As discussed in the ZLC meeting security is a critical aspect for Zowe as it is in all projects. To increase security all Committers (members of the Zowe organization in GitHub) should have multi-factor authentication enabled.
After July 17th those members of the community that have not enabled MFA in GitHub will have their write access suspended until their account is secured with MFA.
ZLC members have binding votes but all are welcome to express their view.
Please respond to this e-mail with +1 - Approve 0 - No opinon -1 - Disagree (please respond with specific objections)
================================ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-zlc] [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
Mark.Ackert@...
+1 On Wed, Jun 12, 2019 at 5:22 PM <jlinardon@...> wrote:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-zlc] [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
Maciej_Serafin@...
+1
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-zlc] [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
Jean-Louis Vignaud
+1 On Wed, Jun 12, 2019 at 9:16 PM Matt Hogstrom <matt@...> wrote:
--
Jean-Louis Vignaud Product Management Broadcom, MF Business Division +420 770 146 136 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
Matt Hogstrom
My +1
toggle quoted message
Show quoted text
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
Joe Winchester
+1
Joe Winchester
IBM z/OS Explorer Senior Technical Staff Member - Project Zowe Contributor zowe.org
Phone: 44-7749-965423
Twitter: @JoeWinchester LinkedIn: joewinchester
E-mail: winchest@... ----- Original message ----- IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
Matt Hogstrom
Vote passes … all +1s with
toggle quoted message
Show quoted text
+1’s Matt Hogstrom Sean Grady Jean-Philippe Linardon Mark Ackert Jean-Louis Vignaud Petr Plavjanik Michael Supak Guilherme Cartier Doug Ross Vitek Vicek Joe Winchester
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-dev] [zowe-user] [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
Joe Winchester
+1
Joe Winchester
IBM z/OS Explorer Senior Technical Staff Member - Project Zowe Contributor zowe.org
Phone: 44-7749-965423
Twitter: @JoeWinchester LinkedIn: joewinchester
E-mail: winchest@... ----- Original message ----- IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-dev] [zowe-user] [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub
Jean-Yves Baudy
+1 Cordialement, Regards.
 "Joe Winchester" ---20/06/2019 13:08:52---+1 Joe Winchester IBM z/OS Explorer Senior Technical Staff Member - Project Zowe Contributor zoweFrom: "Joe Winchester" <winchest@...> To: zowe-dev@... Cc: zowe-dev@..., zowe-user@..., zowe-zlc@... Date: 20/06/2019 13:08 Subject: [EXTERNAL] Re: [zowe-dev] [zowe-user] [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub Sent by: zowe-user@... +1 Joe Winchester IBM z/OS Explorer Senior Technical Staff Member - Project Zowe Contributor zowe.org Phone: 44-7749-965423 Twitter: @JoeWinchester LinkedIn: joewinchester E-mail: winchest@... ----- Original message -----
From: "Matt Hogstrom" <matt@...> Sent by: zowe-dev@... To: zowe-user@... Cc: zowe-zlc@..., zowe-dev@... Subject: Re: [zowe-dev] [zowe-user] [VOTE] Require Multi-Factor Authentication for Committers to Zowe Projects in GitHub Date: Thu, Jun 20, 2019 1:38 AM Vote passes … all +1s with +1’s Matt Hogstrom Sean Grady Jean-Philippe Linardon Mark Ackert Jean-Louis Vignaud Petr Plavjanik Michael Supak Guilherme Cartier Doug Ross Vitek Vicek Joe Winchester Matt Hogstrom matt@... +1-919-656-0564 PGP Key: 0x90ECB270 Facebook LinkedIn Twitter “It may be cognitive, but, it ain’t intuitive." — Hogstrom
As discussed in the ZLC meeting security is a critical aspect for Zowe as it is in all projects. To increase security all Committers (members of the Zowe organization in GitHub) should have multi-factor authentication enabled. After July 17th those members of the community that have not enabled MFA in GitHub will have their write access suspended until their account is secured with MFA. ZLC members have binding votes but all are welcome to express their view. Please respond to this e-mail with +1 - Approve 0 - No opinon -1 - Disagree (please respond with specific objections) Matt Hogstrom matt@... +1-919-656-0564 PGP Key: 0x90ECB270 Facebook LinkedIn Twitter “It may be cognitive, but, it ain’t intuitive." — Hogstrom Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[DISCUSS] Updated Governance Documents and ZLC Succession Plan
Matt Hogstrom
We are preparing to setup a vote for the Zowe Project in accordance with the original charter we created last year when the project was open sourced. Please review the following branches for changes to documents
Community Repo - https://github.com/zowe/community/tree/20190418-process-updates Comments and questions can be directed to the mailing lists. One area that we’ve been discussing at the ZLC is succession. We’ve learned a lot this last year from the time we originally open sourced. Some of the accomplishments and lessons learned (in no particular order): * Break the CLI apart from the main Zowe release. * Learned the importance of constant communication. I think this was not a lesson inasmuch as a better understanding at how to communicate openly as many of the participants work for companies accustomed to proprietary software. * Realized the importance of considering existing users of z/OS systems and their unique process and support requirements. * Registered the OpenMainframeProject with IBM as an ISV for z/OS software. * Secured message IDs for ZWE and OMP prefixes to ensure consistent messages and naming * Created the zowe-common-c project as a new project to reduce proprietary binaries * Improved the ZWESIS by allowing multiple versions of Zowe to co-exist on a single z/OS instance (we prefer one but backwards compatibility is important) * Added JWT support into the API Mediation Layer * Worked collaboratively with the IBM z/OSMF team during architecture calls and as we factor in new capability. * Discussed openly how Zowe can be architected to provide for a vendor neutral distribution for support services. * Received a significant amount of media attention via the OMP media relations teams. * Worked with Marist to bring our first z/OS system for community builds on real hardware (almost there) with the popular security managers ACF2, RACF and Top Secret each in their own instance. * Migrated most of our resources to Linux Foundation infrastructure. * Created extensions for VSCode to make accessing z/OS more intuitive (several folks use them internally at IBM and users keep asking to bring their own IDE. * Understood from users that we needed to change our install / packaging and the CUPIDS team came together. In all its been a really good year. One area that has become clearer now is that we need some consistency at the top level as we continue to make a number of changes. To aid in consistency we feel that rather than replacing the ZLC each year a staggered approach is a better alternative. Please review and comment specifically on this document https://github.com/zowe/zlc/blob/20190418-process-updates/process/ZLC%20Succession%20Plan%20-%201.md The unfortunate side effect is that the size of the ZLC will grow over the next few years and then provide a staggered approach to adding new members. I have to give Tim Brooks a nod for the suggestion as it strikes a good balance between loss of continuity and growth of the community through diversity. We will be starting a community wide vote in a little over a week and will allow the voting to take place over a few days to allow for various timezones, vacations and the like. We will tally and complete the voting prior to the face to face at Share for those that can attend. More on the voting process to come this week as we’re still investigating a tool to facilitate the voting. This thread is for discussion as a community. Personally I’m very proud at what we’ve accomplished, how we’ve progressed and where we are going. It’s an honor to work alongside everyone in the community. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-zlc] [DISCUSS] Updated Governance Documents and ZLC Succession Plan
Tim Brooks
Hi Matt,
Great note - we really have done a lot in the past year.
One question I have is what you are looking to be reviewed in the community repo? I have been working with the other squad leads to have the committers contribute their contact info to a committers list here: https://github.com/zowe/community/blob/Committer-List/Zowe%20Committers.md
Its in a separate branch than the one you had listed in your note.
Tim Brooks
Associate Offering Manager - Zowe
IBM Z
----- Original message ----- |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-zlc] [DISCUSS] Updated Governance Documents and ZLC Succession Plan
toggle quoted message
Show quoted text
On Mon, Jul 8, 2019 at 10:06 AM Tim Brooks <tim.brooks@...> wrote:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-zlc] [DISCUSS] Updated Governance Documents and ZLC Succession Plan
Matt Hogstrom
I wondered that last night as I was making the multi-repo changes. I’ll create a PR for both and looks for a reviewer / approver. Thanks for the suggestion John. Welcome back from vacation.
toggle quoted message
Show quoted text
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-dev] [zowe-user] [zowe-zlc] [DISCUSS] Updated Governance Documents and ZLC Succession Plan
Matt Hogstrom
Merged branches to https://github.com/zowe/zlc and https://github.com/zowe/community. Branches referred to below have been merged and deleted.
toggle quoted message
Show quoted text
Files of interest for review are: Matt Hogstrom matt@... +1-919-656-0564 PGP Key: 0x90ECB270 Facebook LinkedIn Twitter “It may be cognitive, but, it ain’t intuitive." — Hogstrom On Jul 8, 2019, at 10:30 AM, Matt Hogstrom via Lists.Openmainframeproject.Org <matt=hogstrom.org@...> wrote: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[DISCUSS] Update on Voting
Matt Hogstrom
Last week we continued to discuss our upcoming vote. As I previously indicated, we’ve learned a lot since the community was initially formed and now that we’re at the end of the first year one of the items is to vote on the ZLC composition. We realized that our initial documents didn’t adequately cover the dissolution and reformation of the ZLC. Our current thought process is to update the founding documents with a better structured plan for restructuring the ZLC. The initial ZLC was formed by two participants from each of the founding companies which gives the ZLC 6 seats. To better structure the ZLC formation what we are planning on doing is:
Defer voting for 6 months to line up with the initial release of Zowe in February. Structure the ZLC such that no more than two reps from any company can be seated on the committee. (Not currently in the founding documents) The seats on the ZLC will be for 1 or two year terms. If there are two reps from the same company one seat will be two years and the other will be for one. The community can nominate (or people can self-nominate) for the positions. The entire ZLC will be reformed in February following these guidelines. Our rationale is to build diversity in the ZLC and the community. We feel that these changes will allow us to provide some stability as well as ensure diversity of membership with some safeguards on a single company having too many seats. Defering the vote for a new ZLC allows us 6 months to pull in additional ISVs and interested parties and the updated charter will ensure better stability of the ZLC. To restate the purpose of the ZLC. It is intended as a body to help provide structure and a unified vision for Zowe. Where projects might not be aligned on issues the ZLC can help to arbitrate and make a decision. I is NOT intended to tell projects what they must work on but to set the direction for goals of the combined projects and a vision for the roadmap for Zowe across the projects. The ZLC is also responsible, and most importantly, to ensure that IP, governance and other responsibilities to the OMP and the LF are fulfilled. If you have questions / comments as we progress this discussion please respond to this thread. We will have an updated charter in the next week or so and we will call a vote to update these documents in the next few weeks. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [zowe-dev] [DISCUSS] Update on Voting
Thanks for this Matt. To address the initial election challenge of determine which seats are 1 year and which are 2 year, the general path many of our projects take is to do it by votes received ( meaning, the top 3 vote getters have the 2 year seats, and the other 3 have the 1 year seats ). If there are two individuals from the same org in the top 3, the next highest vote getter not from that org would have the 2 year seat. If there are two individuals from the same org in the next 3 the next highest vote getter not from that org would have the 1 year seat. Let me know your thoughts. Thank you, John Mertic Director of Program Management - Linux Foundation ASWF, ODPi, and Open Mainframe Project On Tue, Jul 16, 2019 at 8:24 AM Matt Hogstrom <matt@...> wrote:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[VOTE] Shifting the Website over to Github from River
Matt Hogstrom
Please review and vote on the shifting of the website from River to Github. The website can be seen here
The Doc squad has created a single page that links out to other documentation and is wholly contained in the GitHub infrastructure enabling all of the community access to managing the website. It makes access better than we have with Wordpress and is more streamlined. If we close the vote this week we can target a shift to this site in time for Share next week. Here is my +1 If there is discussion, please use the zlc slack channel. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
