After a while, time for me to say “Hello, Experts!“. I am being asked recently by my team to provide a solution that secures the password to access HFM application, simplistically want this to be Encrypted.
At first, I would like to extend my thanks to Henri Vilminko “The Finnish Hyperion Guy” for publishing Set Up New HFM API Project In JDeveloper.
HFM API is not encrypting the password thus requires us to find an alternate methodology similar to PasswordEncryption utility or FDMEE’s encryptpassword.bat. As we cannot use the utilities provided for Planning and FDMEE outright.
I started googling for an apt solution that will simplify the complete process, yet ended up with some stop signs.
* HFM API will not accept password in Encrypted form, be it with CSSSystem (or) HSSUtilManager.
* HFM API program (inside .java) can have embedded password and converted to class, during password rotation one need to re-generate the .class file and protect the .java file.
* For every environment an independent .java file need to be created, if we embed the password into a .java file.
* An EXE file will create more hurdles for re-program.
In the end, I could come up with a simplified solution (hope you might have known this all the time, if not below is for you) that requires no stop.
* Create a java program (an executable .jar) for Encryption and Decryption with Private Key
* Make Decryption Program as the Main method
* Call the Decrypted file into HFM API Batch for authenticating and Delete the Decrypted File
- ConnectHFM.java (renamed the program from runConsol) program from Henri’s blog with Delete File command line embedded in the end.
Inside the Batch file: (My Program)
- Set the required class path, epm instance, oracle home etc.,
- Call Decrypt.java
- For Password, invoke read file < D:\Automation\HFMConnect\password.dec
I hope this helps in encrypting your HFM API connectivity without disclosing the password.