{"id":1588,"date":"2024-04-04T13:27:59","date_gmt":"2024-04-04T12:27:59","guid":{"rendered":"https:\/\/marketaylor.synology.me\/?p=1588"},"modified":"2024-04-04T13:28:01","modified_gmt":"2024-04-04T12:28:01","slug":"runmqsc-passwords","status":"publish","type":"post","link":"https:\/\/marketaylor.synology.me\/?p=1588","title":{"rendered":"Passwords with runmqsc scripts"},"content":{"rendered":"\n<p>This is not a new question, but it has come in again several times in the last few weeks: how best to script MQSC operations where the connection requires a password. Rather than repeat the answer, I&#8217;ve put it here for convenience.<\/p>\n\n\n\n<!--more-->\n\n\n\n<h3 class=\"wp-block-heading\">Entering passwords for runmqsc<\/h3>\n\n\n\n<p>If you are using <strong>runmqsc <\/strong>interactively, then you may get a prompt to type in a password before any MQSC commands can be run. This is (almost) always going to be true when using client connections to the queue manager. And it might be true even for local connections.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ export MQSERVER=SYSTEM.ADMIN.SVRCONN\/TCP\/localhost\n$ runmqsc -c -u metaylor QM1\n5724-H72 (C) Copyright IBM Corp. 1994, 2024.\nEnter password:\n********\nStarting MQSC for queue manager QM1.\n\n\ndis qmgr qmname\n     1 : dis qmgr qmname\nAMQ8408I: Display Queue Manager details.\n   QMNAME(QM1)<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">The scripting problem<\/h3>\n\n\n\n<p>What if I want to enter the commands from a repeatable script?<\/p>\n\n\n\n<p>When I&#8217;ve been sent this question, it always seems to be prefixed with &#8220;We have seen a recommendation to put the password as the first line of the script&#8221;.  
We can build that script easily enough:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ cat  &lt;&lt; EOF > \/tmp\/my.mqsc\nmyPassword\nDIS QMGR QMNAME\nEOF<\/pre>\n\n\n\n<p>And then run it:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ runmqsc -c -u metaylor QM1 &lt; \/tmp\/my.mqsc\n5724-H72 (C) Copyright IBM Corp. 1994, 2024.\nEnter password:\nStarting MQSC for queue manager QM1.\n\n\n     1 : DIS QMGR QMNAME\nAMQ8408I: Display Queue Manager details.\n   QMNAME(QM1)<\/pre>\n\n\n\n<p>But that&#8217;s certainly not my recommendation on how to do it. This approach has some fundamental flaws:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>It makes it hard to manage the scripts &#8211; any password change has to be reflected in them<\/li>\n\n\n\n<li>The script is tied to the user who is running the script. Maybe not a problem when it&#8217;s always running under the same account as part of a controlled (eg devops) environment, but it can be awkward when different people want to run the same scripts against their own queue managers<\/li>\n\n\n\n<li>The password is visible in the file! Anyone who can read the file can see the password.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">The solution<\/h3>\n\n\n\n<p>The simple way of doing this in a much more secure and controllable fashion is to manage the passwords separately from the MQSC commands. But we can still automate the execution. And we don&#8217;t need to use insecure alternatives such as environment variables. (Remember that environment variables might be shown to anyone using the <code>ps<\/code> command.)<\/p>\n\n\n\n<p>The &#8220;trick&#8221; is to combine two operations into a single stream using parentheses in the shell environment. Both the password and the real script are sent to the <strong>runmqsc <\/strong><em>stdin <\/em>stream. 
<\/p>\n\n\n\n<p>A simple demonstration is:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ echo \"DIS QMGR QMNAME\" > \/tmp\/my.mqsc\n$ (echo myPassword; cat \/tmp\/my.mqsc) | runmqsc -c -u metaylor QM1\n\nor\n\n$ (cat .myPasswordFile;cat \/tmp\/my.mqsc) | runmqsc -c -u metaylor QM1<\/pre>\n\n\n\n<p>The password is not visible to anyone, and it is not in the real MQSC script. I can vary the userid at will, along with the password, without ever needing to edit the script. Remember that <code>echo<\/code> is usually a shell builtin command so is not forked into a separate process where the parameter might be visible.<\/p>\n\n\n\n<p>Because the password is independent of the MQSC script, you can use any convenient mechanism of your choice to obtain it. Perhaps read it into a local variable in your driving script and then use it in the combined invocation:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">pw=`extract password from a vault`\nor \npw=`cat \"$HOME\/.myPasswordFile\"`\n\n(echo \"$pw\";cat \/tmp\/my.mqsc) | runmqsc -c -u metaylor QM1<\/pre>\n\n\n\n<p>The same approach can also be used on Windows with a slightly varied syntax. For example:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">(echo %PW% &amp;&amp; type c:\\temp\\my.mqsc) | runmqsc -c -u metaylor QM1<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This is not a new question, but it has come in again several times in the last few weeks: how best to script MQSC operations where the connection requires a password. 
Rather than repeat the answer, I&#8217;ve put it here for convenience.<\/p>\n","protected":false},"author":1,"featured_media":1007,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5],"tags":[35,20,104],"class_list":["post-1588","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mq","tag-ibmmq","tag-mqseries","tag-security"],
"yoast_head_json":{"title":"Passwords with runmqsc scripts - Mark Taylor&#039;s Blog","description":"A short article showing how to handle passwords in a secure fashion for runmqsc MQSC scripts.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/marketaylor.synology.me\/?p=1588","og_locale":"en_GB","og_type":"article","og_title":"Passwords with runmqsc scripts - Mark Taylor&#039;s Blog","og_description":"A short article showing how to handle passwords in a secure fashion for runmqsc MQSC scripts.","og_url":"https:\/\/marketaylor.synology.me\/?p=1588","og_site_name":"Mark Taylor&#039;s Blog","article_published_time":"2024-04-04T12:27:59+00:00","article_modified_time":"2024-04-04T12:28:01+00:00","og_image":[{"width":282,"height":188,"url":"https:\/\/marketaylor.synology.me\/wp-content\/uploads\/2021\/10\/padlock-small.jpg","type":"image\/jpeg"}],"author":"Mark","twitter_card":"summary_large_image","twitter_creator":"@marketaylor","twitter_misc":{"Written by":"Mark","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/marketaylor.synology.me\/?p=1588#article","isPartOf":{"@id":"https:\/\/marketaylor.synology.me\/?p=1588"},"author":{"name":"Mark","@id":"https:\/\/marketaylor.synology.me\/#\/schema\/person\/2d6f4113ff54187023e20c20186bbb3c"},"headline":"Passwords with runmqsc scripts","datePublished":"2024-04-04T12:27:59+00:00","dateModified":"2024-04-04T12:28:01+00:00","mainEntityOfPage":{"@id":"https:\/\/marketaylor.synology.me\/?p=1588"},"wordCount":466,"commentCount":1,"image":{"@id":"https:\/\/marketaylor.synology.me\/?p=1588#primaryimage"},"thumbnailUrl":"https:\/\/marketaylor.synology.me\/wp-content\/uploads\/2021\/10\/padlock-small.jpg","keywords":["ibmmq","mqseries","security"],"articleSection":["IBM 
MQ"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/marketaylor.synology.me\/?p=1588#respond"]}]},{"@type":"WebPage","@id":"https:\/\/marketaylor.synology.me\/?p=1588","url":"https:\/\/marketaylor.synology.me\/?p=1588","name":"Passwords with runmqsc scripts - Mark Taylor&#039;s Blog","isPartOf":{"@id":"https:\/\/marketaylor.synology.me\/#website"},"primaryImageOfPage":{"@id":"https:\/\/marketaylor.synology.me\/?p=1588#primaryimage"},"image":{"@id":"https:\/\/marketaylor.synology.me\/?p=1588#primaryimage"},"thumbnailUrl":"https:\/\/marketaylor.synology.me\/wp-content\/uploads\/2021\/10\/padlock-small.jpg","datePublished":"2024-04-04T12:27:59+00:00","dateModified":"2024-04-04T12:28:01+00:00","author":{"@id":"https:\/\/marketaylor.synology.me\/#\/schema\/person\/2d6f4113ff54187023e20c20186bbb3c"},"description":"A short article showing how to handle passwords in a secure fashion for runmqsc MQSC scripts.","breadcrumb":{"@id":"https:\/\/marketaylor.synology.me\/?p=1588#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/marketaylor.synology.me\/?p=1588"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/marketaylor.synology.me\/?p=1588#primaryimage","url":"https:\/\/marketaylor.synology.me\/wp-content\/uploads\/2021\/10\/padlock-small.jpg","contentUrl":"https:\/\/marketaylor.synology.me\/wp-content\/uploads\/2021\/10\/padlock-small.jpg","width":282,"height":188,"caption":"padlock"},{"@type":"BreadcrumbList","@id":"https:\/\/marketaylor.synology.me\/?p=1588#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/marketaylor.synology.me\/"},{"@type":"ListItem","position":2,"name":"Passwords with runmqsc scripts"}]},{"@type":"WebSite","@id":"https:\/\/marketaylor.synology.me\/#website","url":"https:\/\/marketaylor.synology.me\/","name":"Mark Taylor&#039;s Blog","description":"Messaging, Music and Moving 
Around","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/marketaylor.synology.me\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/marketaylor.synology.me\/#\/schema\/person\/2d6f4113ff54187023e20c20186bbb3c","name":"Mark","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/9a5ae091c43730194cba7cabb5d65c1dc3f48d05caaddec6ff2319a1ce66376f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9a5ae091c43730194cba7cabb5d65c1dc3f48d05caaddec6ff2319a1ce66376f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9a5ae091c43730194cba7cabb5d65c1dc3f48d05caaddec6ff2319a1ce66376f?s=96&d=mm&r=g","caption":"Mark"},"sameAs":["https:\/\/x.com\/marketaylor"],"url":"https:\/\/marketaylor.synology.me\/?author=1"}]}},"jetpack_featured_media_url":"https:\/\/marketaylor.synology.me\/wp-content\/uploads\/2021\/10\/padlock-small.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/1588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1588"}],"version-history":[{"count":8,"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/1588\/revisions"}],"predecessor-version":[{"id":1596,"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/1588\/revisions\/1596"}],"wp:featuredmedia":[{"embeddable"
:true,"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=\/wp\/v2\/media\/1007"}],"wp:attachment":[{"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/marketaylor.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}