Zowe CLI profile data at rest
I’m a security professional, working for an infrastructure provider for major financial institutions in Denmark. I’m tasked with doing a risk assessment (and subsequent security approval) of Zowe, and, as part of that, Zowe CLI.
I am reading through the documentation and learn that users can create profiles, saving them from retyping, among other things, username and password.
I am lacking a description of how that information is stored. Is it saved in a regular file? Is it in clear text? Please provide as many details as you can J
From what I can tell about the other aspects of operation of Zowe (and Zowe CLI) the culture around seems to be pretty security aware, so I keep my fingers crossed. J
”De dygtigste vinder sammen, stræber efter enkelhed, fokuseret på kundens bedste”
Zowe CLI stores credentials in plain text. However, you don't need to always store your credentials in the CLI. Zowe CLI is able to accept credentials from other sources such as environment variables.
Using it from automation tools like Jenkins which has its own secure credential storage capability https://jenkins.io/doc/developer/security/secrets/ allows the CLI to consume secure credentials via environment variables.
In the case where you're using it from your laptop and you'd like to store your credentials securely, there are 3rd party plugins available for Zowe that accomplish this.
Global Product Manager | Mainframe DevOps Advisor
Helping Enterprises Achieve Integrated Mainframe DevOps
Broadcom, Pittsburgh, PA