The Secure Credential Store (SCS) Plug-in for Zowe CLI lets you store your credentials securely in the credential manager of your operating system. The plug-in invokes a native Node module, keytar, that manages user IDs and passwords in a credential manager.
Zowe CLI stores credentials (mainframe username and password) in plaintext on your computer by default. You can use the SCS plug-in to store credentials more securely and prevent your credentials from being compromised as a result of a malware attack or unlawful actions by others.
For detailed command, actions, and option documentation for this plug-in, see our Web Help (available online or as PDF or ZIP):
Before you install the plug-in, meet the software requirements in Software requirements for Zowe CLI plug-ins.
npm@7 and npm@8 Requirements:
Ensure that your computer is connected to the Internet when you install the Secure Credential Store plug-in.
On Windows operating systems, issue the following command before you issue the command to install the Secure Credential Store plug-in:
npm install -g prebuild-install
Use one of the following methods to install or update the plug-in:
Note: Existing user profiles are not automatically updated to securely store credentials.
The plug-in introduces a new command group,
zowe scs, that lets you update existing user profiles and enable/disable the plug-in.
User profiles that you create after installing the plug-in will automatically store your credentials securely.
To secure credentials in existing user profiles (profiles that you created prior to installing the SCS plug-in), issue the following command:
zowe scs update
Profiles are updated with secured credentials.
Example: Secure credentials
The following is an example of securely stored credentials in a user profile configuration file:
type: zosmfhost: testport: 1234user: 'managed by @zowe/secure-credential-store-for-zowe-cli'password: 'managed by @zowe/secure-credential-store-for-zowe-cli'rejectUnauthorized: false
Example: Default credential management
The following is an example of credentials that are stored with the default credential manager:
type: zosmfhost: testport: 1234user: USERNAMEpassword: PASSWORDrejectUnauthorized: false
If you do not want to use the SCS Plug-in for Zowe CLI, choose one of the following methods to deactivate the plug-in:
Uninstall the Plug-in
zowe plugins uninstall @zowe/secure-credential-store-for-zowe-cli command to delete the plug-in from your computer.
When you uninstall the plug-in, existing profiles become invalid and you must recreate them. For more information, see Using profiles.
Reset the Configuration of Credential Manager
zowe config reset CredentialManager command to reset the value of the credential manager configuration to default, which deactivates the plug-in.