Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry
cancel
Showing results for 
Search instead for 
Did you mean: 
greenee
Contributor III
Contributor III

QlikView Connection string creation without Human intervention

Hi

I have a new requirement to be able to create the QlikView connection string for production, without any human intervention.

Our passwords are stored in a vault, in which the passwords CAN be extracted via a shell script.
This MIGHT be able to be stored into a text file probably. (not sure of this at the moment, so will assume yes for this example)

Once this is done, is there a way to create a connection string with the credentials stored in that file (if it can be stored into a file), so that a HUMAN doesn't have to know the password to create the connection string ?

Many thanks for any help on this subject and please ask questions if more info needed.

Kind Regards

Greenee

Labels (2)
3 Replies
Chip_Matejowsky
Support
Support

Hi @greenee 

To clarify, you want to extract the QlikView service account password from a vault when creating connection strings to backend databases? I'm not sure if that is possible. Which connectors are in use?

Best Regards 

Principal Technical Support Engineer with Qlik Support
Help users find answers! Don't forget to mark a solution that worked for you!
marcus_sommer

A connection string could be created per combination of n variables which may return different values depending on the used environment, the calling application ... what ever. And therefore the wanted user-credentials could be also integrated as variables.

Reading the credentials from a file would be quite simple and the request itself might be triggered with an EXECUTE statement. Thinkable would be also to fetch the information directly from the vault if it provides any API which is callable from the Qlik side.

But from a security point of view all of these measurements will have some risks and maybe more as the usual best practice which is to use n (nested) include-variables (outsourcing and centralizing the relevant script on a place which could only the service-user access) within a hidden script-tab (separately secured with a password) which code is extra encrypted and not displayed within progress-window or the document-log. 

greenee
Contributor III
Contributor III
Author

Thank you both for your responses, sorry for late reply, I have been on holiday.

@Chip
We have a process that can get the password from the vault, and this can probably be saved as a file.
This could then be read by another automated process, that creates the string. (This is the part I'm after, but perhaps both functions could be implemented in one process)
The connections are just normal Oracle 19 ODBC or OLE DB connections to the DB.

We have a central "$(Include=..\..\qvsscripts\database_connection.qvs);" in all our scripts, which goes to that directory and picks up the various connection strings when needed, to various DB's.
$(Include=..\..\qvsscripts\database_connection_1.qvs);
$(Include=..\..\qvsscripts\database_connection_2.qvs); etc.

We have DEV, UAT and Prod environments, which obviously have different strings.

@marcus
I'll check if the Vault has an API, but currently this is done via shellscript.

Kind regards
Greenee