The transformation AES/ECB/PKCS5Padding tells the getInstance method to instantiate the Cipher object as an AES cipher with ECB mode of operation and PKCS5 padding scheme.
It can support different types of encryption algorithms.
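The following is an added example, not code from the plugin or from Apica: it shows how the algorithm/mode/padding transformation string selects the cipher, and that ECB mode encrypts identical 16-byte plaintext blocks to identical ciphertext blocks. The SHA-256 key derivation, the secret, the sample value and the class name are assumptions made for the demo; AES/GCM/NoPadding is a standard JCE transformation used only for comparison and says nothing about which transformations the plugin accepts.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class TransformationDemo {
    // Demo assumption: a 128-bit AES key taken from SHA-256 of a passphrase.
    // How the plugin turns shared_secret into a key is not stated on this page.
    static SecretKeySpec keyFrom(String secret) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(secret.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(Arrays.copyOf(d, 16), "AES");
    }

    // True when the first two 16-byte ciphertext blocks are identical.
    static boolean firstTwoBlocksEqual(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16),
                             Arrays.copyOfRange(ct, 16, 32));
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = keyFrom("constructed-demo-secret");
        // Constructed sample value: the same 16-byte block twice.
        byte[] value = "monitor-user-001monitor-user-001"
                .getBytes(StandardCharsets.UTF_8);

        // Transformation string format: algorithm/mode/padding.
        Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, key);
        byte[] ecbCt = ecb.doFinal(value);
        ecb.init(Cipher.DECRYPT_MODE, key);
        boolean roundTrip = Arrays.equals(value, ecb.doFinal(ecbCt));

        // A different transformation: AES in GCM mode with a fresh 12-byte IV.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] gcmCt = gcm.doFinal(value);

        System.out.println("ECB round trip ok:  " + roundTrip);
        System.out.println("ECB repeats blocks: " + firstTwoBlocksEqual(ecbCt));
        System.out.println("GCM repeats blocks: " + firstTwoBlocksEqual(gcmCt));
    }
}
```

Because ECB has no IV, the same key and value always produce the same ciphertext, so stored entries that share a value can be recognized as equal without the key.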
After retrieving the encrypted username/password from the API, the plugin decrypts the data for use in the ZebraTester script.
To store the username/password on the Apica ASM servers, run the JAR plugin from the command line and pass the necessary parameters as described below.
Use Credentials Manager when:
- You are doing ASM monitoring, and
- You need to pass a username/password (or any key/value combination) in the script but do not want the text string to be stored and transmitted in cleartext.
This plug-in is not intended for Load Testing scenarios.
CyberArk or Credentials Manager?
Some companies use CyberArk to store and fetch their credentials. If you are not using a CyberArk Enterprise Password Vault for this purpose, the Credentials Manager can be used to set up login monitoring with test monitoring usernames and passwords while reasonably obfuscating the passwords.
During ZebraTester script execution, this plugin runs and retrieves the encrypted credentials, which are encrypted at rest and during transport, using Apica’s ASM API. The plugin decrypts the credentials using the specified encryption algorithm and a preset, unique, symmetric key (assigned or designated by the customer), and they are stored only in memory during the session.
Installing the Credentials Manager Plugin
1. Mandatory: Create an Entry (a new custom dictionary)
First, create the encrypted credentials entry in Apica’s ASM API by running the JAR version of the plugin from a command line, which opens the GUI.
Up to 50 key:value pairs can be used for a single dictionary_key as long as each value doesn’t exceed 1000 characters. Credentials Manager 2 also supports long values over 1000 characters (e.g., private keys or certs), but this reduces the number of key:value pairs that can be stored to around 5 entries.
2. Add the Credentials Manager plugin into ZebraTester
By adding the .class as a plugin to your ZebraTester Script and then passing in the ASM_API_Url, ASM_API_AuthTicket, dictionary_key, shared_secret, and key as an index parameter, you can fetch the encrypted value, which the plugin will decrypt at execution rather than having that value hard-coded into the script as plaintext.
Usage & Syntax:
Retrieves encrypted credentials and decrypts them for use in the ZebraTester script.
Apica ASM API URL
Apica ASM API Auth Ticket
Shared Secret Key
Key (of value)
Value (of Key)
CredentialsManager2UtilityTool_vXX.jar (Used from the GUI)
Encrypt key/value pairs like Username and Password
A successful execution of this will result in Created
To verify, use the API command with the above username as the dictionary_key, for example: