Rotate Qlik Replicate Endpoint Passwords - Qlik Community

jarredacurtis · ‎2021-07-15

Is there an API or CLI command for changing Relipcate Endpoint passwords? Our organization requires password rotations and we are setting up many endpoints. Having to manually touch every endpoint in the GUI to update the passwords would be painful. Ideally there would be some type of command line utility we could script to update the endpoints when the passwords are rotated in the databases.

PabloV · ‎2022-07-01

Hi Jarred, by any chance were you able to figure out a solution to this problem? I'm currently facing the scenario where we need to rotate the passwords for some replicate endpoints. Any info will be appreciated, thanks!

jarredacurtis · ‎2022-07-07

>From what I understand they have finally implemented an API for this in the latest software release. We are currently planning to upgrade and test the API in the next few months.

PabloV · ‎2022-07-07

Do you mean the API where you export a JSON file for a task and then update the "authenticator" section in your endpoint with a new password, then re-import that JSON and restart the server so the new password takes effect?
That's what I'm testing right now... Via API, or through SSM requests (AWS).
Please let me know if you are referring to a different API, that's all I could find. Thanks.

SushilKumar · ‎2023-11-14

Hello Team,

Password for Endpoint are stored in encrypted form and seems whenever, any task is exported its does not have Passwords for participating endpoints. And Encryption algorithm is not exposed to anyone.

So it could be a reason that it may not be changed by import of the task.

hope this helps.

Regards,

Sushil Kumar

krishnakarthiks · ‎2024-02-23

Hi Team,

Do we have any solution from Qlik Replicate or Enterprise Manager API to rotate the replicate endpoints connections passwords.

We have a similar requirement to rotate GCS endpoint passwords.

Regards

Karthik

PabloV · ‎2024-02-23

Hi,
I was able to rotate passwords using AEM API (formally known as Attunity Enterprise Manager), I believe it is the same as the one you are referring to.

With API Requests you can:
Get list of servers
Get endpoints by service account
Patch endpoints by server

Look for the endpoint patching api in the documentation. The code would look something like this:

patch = [{"op":"replace","path":"/db_settings/password","value":'Newpassword'}]
encoded_payload = json.dumps(patch).encode('utf-8')
PathEndpointURL = "https://"+baseUrl+"/servers/"+'servername'+"/endpoints/"+'endpointName'
headers_content_length=str(len(encoded_payload))
att_response = http.request('PATCH', PathEndpointURL, body=encoded_payload, headers={"%s" % AEMString : "%s" % AEMToken,"HEADERS_CONTENT_TYPE":"application/json; charset=utf-8","HEADERS_CONTENT_LENGTH":"%s" % headers_content_length})

You can validate the changes took place by retrieving the passwords again.

krishnakarthiks · ‎2024-02-23

Thank you @PabloV ; I was going through this topic in help documentation. The requirement is more on GCS and S3 endpoints. These end points has json credentials and secrets, so I'll have to figure out if Patch endpoint can be leveraged for GCS and S3 endpoints.