Skip to main content
Version: v1.28.x

Secure Credential Store Plug-in for Zowe CLI

Secure Credential Store Plug-in for Zowe CLI

The Secure Credential Store (SCS) Plug-in for Zowe CLI lets you store your credentials securely in the credential manager of your operating system. The plug-in invokes a native Node module, keytar, that manages user IDs and passwords in a credential manager.

Use Cases

Zowe CLI stores credentials (mainframe username and password) in plaintext on your computer by default. You can use the SCS plug-in to store credentials more securely and prevent your credentials from being compromised as a result of a malware attack or unlawful actions by others.

Commands

For detailed command, actions, and option documentation for this plug-in, see our Web Help (available online or as PDF or ZIP):

Software requirements

Before you install the plug-in, meet the software requirements in Software requirements for Zowe CLI plug-ins.

npm@7 and npm@8 Requirements:

  • Ensure that your computer is connected to the Internet when you install the Secure Credential Store plug-in.
  • On Windows operating systems, issue the following command before you issue the command to install the Secure Credential Store plug-in:
npm install -g prebuild-install

Installing

Use one of the following methods to install or update the plug-in:

Note: Existing user profiles are not automatically updated to securely store credentials.

Using

The plug-in introduces a new command group, zowe scs, that lets you update existing user profiles and enable/disable the plug-in.

Securing your credentials

User profiles that you create after installing the plug-in will automatically store your credentials securely.

To secure credentials in existing user profiles (profiles that you created prior to installing the SCS plug-in), issue the following command:

zowe scs update

Profiles are updated with secured credentials.

Example: Secure credentials

The following is an example of securely stored credentials in a user profile configuration file:

type: zosmf
host: test
port: 1234
user: 'managed by @zowe/secure-credential-store-for-zowe-cli'
password: 'managed by @zowe/secure-credential-store-for-zowe-cli'
rejectUnauthorized: false

Example: Default credential management

The following is an example of credentials that are stored with the default credential manager:

type: zosmf
host: test
port: 1234
user: USERNAME
password: PASSWORD
rejectUnauthorized: false

Deactivating the plug-in

If you do not want to use the SCS Plug-in for Zowe CLI, choose one of the following methods to deactivate the plug-in:

Uninstall the Plug-in

Issue the zowe plugins uninstall @zowe/secure-credential-store-for-zowe-cli command to delete the plug-in from your computer.

When you uninstall the plug-in, existing profiles become invalid and you must recreate them. For more information, see Using profiles.

Reset the Configuration of Credential Manager

Issue the zowe config reset CredentialManager command to reset the value of the credential manager configuration to default, which deactivates the plug-in.