Password Security

Specifying a Password Argument

When you supply a password as a command line argument, that argument is visible to casual observers. For example, command line arguments appear in the output of the UNIX ps command.

You can supply password arguments in any of the following four forms. Each form results in a different level of security for the password, along with associated precautions you must take. Choose exactly one form.
Form Description
stdin This form can provide maximum security. After entering the password, it is no longer visible to anyone and no password related information is available from the process command line either in the window, where the schema repository was started in or from the shell command like ps or other similar commands.
You can pipe the password to the schema repository process via stdin. For example, in UNIX environments, you can use this command line: 
echo my_password | tibschemad ... --password stdin

You could use an encrypted password management application to supply the password to stdin. In this scenario, the password is not visible during any task step.

file:file_path This form can provide excellent security as only the file path is visible to observers.

You must create a text file that contains only the password itself, store that file on a file system accessible to the schema repository process, and ensure the security of that file in such a manner to prevent unauthorized users from viewing its contents.

env:environment_var This form can provide excellent security.

You must set an environment variable in the environment accessible to the schema repository process. The value of that variable is the password string. You must ensure that only authorized personnel have access to that shell, where the environment variable is set.

pass:password
Warning: With this form the password remains in the process command line, which is visible to any system user using the command to display running process information. Do not use this form for production deployments.