Secure the SAP Login Data¶

Requirements¶

For the requirements for using PLOSSYS CLI, refer to PLOSSYS CLI.

Usage¶

Securing the access to SAP oData Print API and SAP Spool on Windows or Linux is done by encrypting the passwords used for the communication with the SAP system.

This is how you encrypt passwords with PLOSSYS CLI:

Open a Command Prompt or PowerShell.
Call PLOSSYS CLI to create a new secret for encrypting passwords. There is one secret for all communication arrangements defined. The --secretFile parameter is optional. Use it if you want to store the generated secret in a JSON file. Otherwise the secret will be shown as the command output.
```
plossys security createPwdSecret --secretFile <fileName>
```
Example
```
PS C:\Users\admin_user> plossys security createPwdSecret --secretFile mySecret.json
✓ Secret written to file 'mySecret.json'
PS C:\Users\admin_user> more .\mySecret.json
{
"pwdSecret": "77a170b0df696bb9cca3c08a542312cc"
}
```
Store the generated secret in Consul. You have two options respective two different environment keys available for storage:
- SECRET
  
  Use this key if you want to store the secret directly.
- SECRET_FILE
  
  Use this key if you used the --secretFile option when creating the secret. The key specifies the location of the secret file.
For the SAP oData Print API set the key for the cpm-checkin service.

For SAP Spool for Windows or Linux set the key for the co-notifier service.

If you use both, we recommend to set only one secret for any service to be used by both services. If a key is set for any and a specific service as well, the specific setting has higher priority.

Caution

Before setting either SECRET or SECRET_FILE check if there are prior values set. Previously configured encrypted passwords can not be decrypted if you overwrite the secret with a new value.
For each password, encode the password with the secret file or secret.
```
plossys security encryptPwd <password> --secretFile <fileName>
```