Spotfire Ideas Portal
Status Implemented
Product Spotfire
Created by Guest
Created on May 3, 2017

Need a commandline interface to change the Spotfire bootstrap password

As per our security requirements, we need to change all our passwords every 90 days. Our passwords are auto-generated and stored in Secret Server, which will expire the passwords and re-generate new ones every 90 days. So we need a way to change the Spotfire bootstrap password without having to completely re-generate the bootstrap file. We have many internal (CI/CD/QA/UAT) and external (PROD) environments, and recreating the bootstrap with the exact same information is highly risky and error prone. We were hoping there is a CLI to change the bootstrap password by just providing the old password. We were surprised there is no easy way to do this. This is of high value to us. Appreciate if you could add this feature as a part of a future release or hotfix.

Implemented in 7.7
  • Guest
    Nov 13, 2019

    The config-encryption was added in Spotfire Server 7.7 and is thus available in all subsequent versions: https://docs.tibco.com/pub/spotfire_server/7.11.7/doc/html/TIB_sfire_server_tsas_admin_help/GUID-659D4C45-553E-4AFB-A259-3ED88B3FFC4A.html

  • Guest
    Nov 13, 2019

    Hi,
    Can you please let us know if this feature is added to Spotfire 7.11 as a hotfix or is it available only when we upgrade to a different version? If so, what version has this feature?

    Thanks,

    Vinodh Mylvaganam
    Lead Software Engineer
    5500 SW Meadows Road
    Suite 300 Lake Oswego, Oregon 97035
    Office 503-303-1161 | Mobile 971-227-8100
    vmylvaganam@huronconsultinggroup.com
    www.huronconsultinggroup.com

  • Guest
    Oct 13, 2018

    If you're referring to the encryption password (that is stored in the bootstrap.xml file) then you can use the config-encryption command (added in 7.7). Other information can be updated using the update-bootstrap command (also added in 7.7).

  • Guest
    Jul 12, 2017

    If your bootstrap password is compromised then you can go and recreate the bootstrap file using the relevant command; I don't see any problem there. Your requirement was based on the need to change passwords every 90 days, which I think is nonsense as it's an outdated security practice. And if your bootstrap password is getting compromised on a frequent basis then you should look at why that happens (address the root cause) rather than putting a process in place to address the effect.

    In any case it looks like you are asking for something that's already there as the update-bootstrap config command lets you update bootstrap files.

    https://docs.tibco.com/pub/spotfire_server/7.9.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-E594DFDE-2732-49C1-A748-D25B049E977A.html

  • Guest
    Jul 5, 2017

    So, are you saying if the bootstrap password is compromised somehow, we are never to change it? All that we are asking is for a way to change the bootstrap password without having to recreate the bootstrap. Any application that is secured with a password should have some way to change it when needed. Be it getting changed on a periodic basis or not is secondary. There should definitely be a way to change it if the password is forgotten or compromised.

    And for your information, this request is not from our IT department. This is coming from our clients' IT departments. We are not going to advise all of them with the NIST recommendations.

  • Guest
    Jul 3, 2017

    This is nonsense. You shouldn't be changing Application passwords. In fact NIST (the National Institute of Standards and Technology) has finally changed their advice and now they recommend no more periodic password changes. Talk to your IT Security team and have them update their policies based on the best practice.

    https://venturebeat.com/2017/04/18/new-password-guidelines-say-everything-we-thought-about-passwords-is-wrong/