My company has a policy for secret key rotations every month.
Is it possible to configure Syncovery to fetch the secret key from a file?
Thanks in advance!
Dean.
Is it possible to auto rotate S3 secret key?
Is it possible to auto rotate S3 secret key?
My company has a policy for secret key rotations every month.
Is it possible to configure Syncovery to fetch the secret key from a file?
Thanks in advance!
Dean.
Re: Is it possible to auto rotate S3 secret key?
Hello,
yes, it can be read from a text file using a PascalScript, please see
https://www.syncovery.com/pascalscript/
I hope I can write an example tomorrow.
yes, it can be read from a text file using a PascalScript, please see
https://www.syncovery.com/pascalscript/
I hope I can write an example tomorrow.
Re: Is it possible to auto rotate S3 secret key?
Hi.tobias wrote: Thu Nov 10, 2022 9:02 am Hello,
yes, it can be read from a text file using a PascalScript, please see
https://www.syncovery.com/pascalscript/
I hope I can write an example tomorrow.
Thank you for the quick reply.
An example script would be very helpful.
Thanks again.
Re: Is it possible to auto rotate S3 secret key?
Here it is. You can put it in each profile via Job->PascalScript, or globally for all profiles via the Program Settings dialog, tab sheet Advanced.
Code: Select all
const cTextFilePath='C:\code19\X.txt';
function OnGetProfilePathBeforeListing(const isRightSide:Boolean;
var Path,UserName,Password:UnicodeString;
var AuthKey,AuthKeyPassword:AnsiString;
var Port:Integer):Boolean;
var F:Opaque;
NewPass:UnicodeString;
begin
if Copy(Path,1,5)='S3://' then begin
F:=OpenTextFile(cTextFilePath);
if F<>0 then begin
NewPass:=ReadLine(F);
CloseFile(F);
if (NewPass<>'') and (NewPass<>Password) then begin
Password:=NewPass;
if isRightSide then
SetProfileProperty('RightPassword',NewPass)
else
SetProfileProperty('LeftPassword',NewPass);
SaveProfileSettings;
end;
end;
end;
Result:=true;
end;
Re: Is it possible to auto rotate S3 secret key?
I was able to achieve this with the updated Pascal script, using the correct 'Auth%' properties.
Code: Select all
const cTextFilePath='C:\code19\X.txt';
function OnGetProfilePathBeforeListing(const isRightSide:Boolean;
var Path,UserName,Password:UnicodeString;
var AuthKey,AuthKeyPassword:AnsiString;
var Port:Integer):Boolean;
var F:Opaque;
NewAccessID, NewSecretKey:UnicodeString;
begin
if Copy(Path,1,5)='S3://' then begin
F:=OpenTextFile(cTextFilePath);
if F<>0 then begin
NewAccessID:=ReadLine(F);
NewSecretKey:=ReadLine(F); // Read the second line for the Secret Key
CloseFile(F);
if (NewAccessID<>'') and (NewSecretKey<>'') then begin
// Check and update Access ID
if NewAccessID<>AuthKey then begin
AuthKey:=NewAccessID;
if isRightSide then
SetProfileProperty('RightAuthKey',NewAccessID)
else
SetProfileProperty('LeftAuthKey',NewAccessID);
SaveProfileSettings;
end;
// Check and update Secret Key
if NewSecretKey<>AuthKeyPassword then begin
AuthKeyPassword:=NewSecretKey;
if isRightSide then
SetProfileProperty('RightAuthKeyPassword',NewSecretKey)
else
SetProfileProperty('LeftAuthKeyPassword',NewSecretKey);
SaveProfileSettings;
end;
end;
end;
end;
Result:=true;
end;Re: Is it possible to auto rotate S3 secret key?
Hello,
that's very interesting! The parameter AuthKey actually refers to the internal ID of a private key registered in Syncovery. This setting is not relevant for S3. It could be relevant for SFTP though. Maybe your use case is different from the original post?
Also, the lines SetProfileProperty('RightAuthKey',NewAccessID) and SetProfileProperty('LeftAuthKeyPassword',NewSecretKey) do nothing because these profile properties do not exist.
that's very interesting! The parameter AuthKey actually refers to the internal ID of a private key registered in Syncovery. This setting is not relevant for S3. It could be relevant for SFTP though. Maybe your use case is different from the original post?
Also, the lines SetProfileProperty('RightAuthKey',NewAccessID) and SetProfileProperty('LeftAuthKeyPassword',NewSecretKey) do nothing because these profile properties do not exist.
Re: Is it possible to auto rotate S3 secret key?
Can you please indicate the name of the property name for both Left & Right 'Access ID' and 'Secret Key' (as illustrated above) for us to appropriately set, as they both rotate.
Re: Is it possible to auto rotate S3 secret key?
Hello,
the key ID is simply the UserName variable/parameter in this function.
To set it in the profile, you can use 'LeftUser' and 'RightUser' for the call to SetProfileProperty.
The Secret Key is the password as used in the original function that I posted.
the key ID is simply the UserName variable/parameter in this function.
To set it in the profile, you can use 'LeftUser' and 'RightUser' for the call to SetProfileProperty.
The Secret Key is the password as used in the original function that I posted.
Re: Is it possible to auto rotate S3 secret key?
That did the trick. Thank you so much..
Please find below the Sample Working Script
Please find below the Sample Working Script
Code: Select all
const cTextFilePath='X:\Win64\AWSAccessKeys\s3-user.txt';
function OnGetProfilePathBeforeListing(const isRightSide:Boolean;
var Path,UserName,Password:UnicodeString;
var AuthKey,AuthKeyPassword:AnsiString;
var Port:Integer):Boolean;
var F:Opaque;
NewAccessID, NewSecretKey:UnicodeString;
begin
if Copy(Path,1,5)='S3://' then begin
F:=OpenTextFile(cTextFilePath);
if F<>0 then begin
NewAccessID:=ReadLine(F);
NewSecretKey:=ReadLine(F); // Read the second line for the Secret Key
CloseFile(F);
if (NewAccessID<>'') and (NewSecretKey<>'') then begin
// Check and update Access ID
if NewAccessID<>AuthKey then begin
AuthKey:=NewAccessID;
if isRightSide then
SetProfileProperty('RightUser',NewAccessID)
else
SetProfileProperty('LeftUser',NewAccessID);
SaveProfileSettings;
end;
// Check and update Secret Key
if NewSecretKey<>AuthKeyPassword then begin
AuthKeyPassword:=NewSecretKey;
if isRightSide then
SetProfileProperty('RightPassword',NewSecretKey)
else
SetProfileProperty('LeftPassword',NewSecretKey);
SaveProfileSettings;
end;
end;
end;
end;
Result:=true;
end;Re: Is it possible to auto rotate S3 secret key?
Hi,
just a small correction, you should be using UserName instead of AuthKey and Password instead of AuthKeyPassword:
just a small correction, you should be using UserName instead of AuthKey and Password instead of AuthKeyPassword:
Code: Select all
const cTextFilePath='X:\Win64\AWSAccessKeys\s3-user.txt';
function OnGetProfilePathBeforeListing(const isRightSide:Boolean;
var Path,UserName,Password:UnicodeString;
var AuthKey,AuthKeyPassword:AnsiString;
var Port:Integer):Boolean;
var F:Opaque;
NewAccessID, NewSecretKey:UnicodeString;
begin
if Copy(Path,1,5)='S3://' then begin
F:=OpenTextFile(cTextFilePath);
if F<>0 then begin
NewAccessID:=ReadLine(F);
NewSecretKey:=ReadLine(F); // Read the second line for the Secret Key
CloseFile(F);
if (NewAccessID<>'') and (NewSecretKey<>'') then begin
// Check and update Access ID
if NewAccessID<>UserName then begin
UserName:=NewAccessID;
if isRightSide then
SetProfileProperty('RightUser',NewAccessID)
else
SetProfileProperty('LeftUser',NewAccessID);
SaveProfileSettings;
end;
// Check and update Secret Key
if NewSecretKey<>Password then begin
Password:=NewSecretKey;
if isRightSide then
SetProfileProperty('RightPassword',NewSecretKey)
else
SetProfileProperty('LeftPassword',NewSecretKey);
SaveProfileSettings;
end;
end;
end;
end;
Result:=true;
end;