VMware Cloud Community
rszymczak
Hot Shot
Hot Shot
‎04-17-2016 11:24 AM

Creating SecureString attributes for configuration elements

Hi guys,

wonder if anyone yet tried to save SecureStrings in an automated way. I got the following within an action element:

configElement.setAttributeWithKey(attributeKey, attributeValue);

The input attributeValue in that case is of type SecureString and the workflow calling the action also submits a SecureString object. However, when I look into the saved ConfigurationElement the value is saved as a String in clear-text, so any vRO admin is able to read the data just by browsing. I'm aware that "SecureString" is not as secure as the object name may sound - in fact SecureString objects in any language can easily converted back into Strings of course - but still: there's a reason why that object exists (prevent "quickly getting sensitive data just by viewing").

So I really want that SecureString inside my ConfigurationElement, which is totally possible if manually creating a ConfigurationElement.


If checking the type of the submitted attributeValue inside the action element using:

System.log(typeof attributeValue)

It becomes clear that the attributeValue conversion from SecureString to String happens while the object is submitted to the action. Or so I thought.

Checking the type using typeof in a normal scripting element inside the workflow shows the same result. So I guess, typeof is the issue here, which will always return "String" for a SecureString. Am I correct to suppose that typeof is used by setAttributeWithKey to detect the type to use when creating a ConfigurationElement attribute and that SecureString is only handled differently by the UI, but not the RHINO engine itself (thus, any meaning to the UI get's lost once we use it inside scripts and from that point it's handled as a regular String)?

Some clarification on that topic and - if available - a workaround would be nice.

regards

Robert

Reply
0 Kudos
2 Replies
ericmoody
Contributor
Contributor
‎10-24-2017 11:56 AM

Hi Robert,

Did you ever find a solution to this?

 

Thanks,

Eric

Reply
0 Kudos
Hazenet
Enthusiast
Enthusiast
‎10-24-2017 02:36 PM

When using:

configElement.setAttributeWithKey(attributeKey, attributeValue);

To create a new attribute in a Configuration Element, the result will always be of type "string". You have no way to control what type the attribute should be.

The setAttributeWithKey is best understood as a "update" method.

So if you have a Configuration Element with a attribute of type "SecureString", then you can easily use setAttributeWithKey to update the attribute with a new value, and the type will remain "SecureString".

Likewise if the type of the attribute was say "VC:VirtualMachine". You would have to create the configuration element "structure" first, with all the relevant attributes and with the correct types. By hand.

And then you can use setAttributeWithKey to update them dynamically within a Scriptable Task.

Reply
0 Kudos