Skip to main content
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
jarredacurtis
Contributor
Contributor

Rotate Qlik Replicate Endpoint Passwords

Is there an API or CLI command for changing Relipcate Endpoint passwords?  Our organization requires password rotations and we are setting up many endpoints.  Having to manually touch every endpoint in the GUI to update the passwords would be painful.  Ideally there would be some type of command line utility we could script to update the endpoints when the passwords are rotated in the databases.

7 Replies
PabloV
Contributor III
Contributor III

Hi Jarred, by any chance were you able to figure out a solution to this problem? I'm currently facing the scenario where we need to rotate the passwords for some replicate endpoints. Any info will be appreciated, thanks!

jarredacurtis
Contributor
Contributor
Author

>From what I understand they have finally implemented an API for this in the latest software release. We are currently planning to upgrade and test the API in the next few months.
PabloV
Contributor III
Contributor III

Do you mean the API where you export a JSON file for a task and then update the "authenticator" section in your endpoint with a new password, then re-import that JSON and restart the server so the new password takes effect? 
That's what I'm testing right now... Via API, or through SSM requests (AWS).
Please let me know if you are referring to a different API, that's all I could find. Thanks.

SushilKumar
Support
Support

Hello Team,

Password for Endpoint are stored in encrypted form and seems whenever, any task is exported its does not have Passwords for participating endpoints.  And Encryption algorithm is not exposed to anyone.

So it could be a reason that it may not be changed by import of the task. 

hope this helps.

Regards,

Sushil Kumar 

krishnakarthiks
Contributor
Contributor

Hi Team,

Do we have any solution from Qlik Replicate or Enterprise Manager API to rotate the replicate endpoints connections passwords. 

We have a similar requirement to rotate GCS endpoint passwords.

 

Regards

Karthik

PabloV
Contributor III
Contributor III

Hi,
I was able to rotate passwords using AEM API (formally known as Attunity Enterprise Manager), I believe it is the same as the one you are referring to.

With API Requests you can:
Get list of servers
Get endpoints by service account
Patch endpoints by server

Look for the endpoint patching api in the documentation. The code would look something like this:

patch = [{"op":"replace","path":"/db_settings/password","value":'Newpassword'}]
encoded_payload = json.dumps(patch).encode('utf-8')
PathEndpointURL = "https://"+baseUrl+"/servers/"+'servername'+"/endpoints/"+'endpointName'
headers_content_length=str(len(encoded_payload))
att_response = http.request('PATCH', PathEndpointURL, body=encoded_payload, headers={"%s" % AEMString : "%s" % AEMToken,"HEADERS_CONTENT_TYPE":"application/json; charset=utf-8","HEADERS_CONTENT_LENGTH":"%s" % headers_content_length})

You can validate the changes took place by retrieving the passwords again. 

krishnakarthiks
Contributor
Contributor

Thank you @PabloV ; I was going through this topic in help documentation. The requirement is more on GCS and S3 endpoints. These end points has json credentials and secrets, so I'll have to figure out if Patch endpoint can be leveraged for GCS and S3 endpoints.