HCL Domino Ideas Portal

Status Under Consideration
Workspace Domino
Categories Integration
Created by Guest
Created on Mar 9, 2023

new server command to sign database

OneTouchSetup delivers the ability to copy external databases and sign them.

We also need signing to be automated; for example, we copy a new template and want to sign it.


cp vlaad.ntf /local/notesdata/vlaad.ntf

/opt/<path_to_bin>/server -c "dbSign vlaad.ntf"

  • Guest
    Mar 18, 2023

    I have to agree with Thomas. A command line option out of the box is a security risk.
    Not everyone should be able to sign databases. In addition, signing databases with the server.id is not the right way for a secure environment.
    It would make more sense to have a way to use designated signing IDs for signing and have a controlled request flow for signing. A command line option would undermine the security. Not every admin having access to the console should be able to sign applications. This also includes OS level administrators.

    [ Daniel Nashed https://blog.nashcom.de ]

  • Guest
    Mar 13, 2023

    I understand the author and their idea very well and see some gaps in implementing the CI/CD way in Domino, too.

    One-Touch Setup is a huge step forward in the "Automation and DEVops" way, but for a fully automated deployment of an environment we need more.

    1. Source code control of standard design elements like views, forms etc. (not only xpages)

    2. Template build control (create new templates, signing of design elements, copy template to server)
      btw: A few years ago Ulrich Krause showed his ntfbuild tool at the DominoCamp. Such a tool could be the starting point for this "Automation and DEVops" way.

    3. Database creation or design update of existing database

    We need an orchestration tool like Jenkins / Ansible & co. to be in a position to master the new challenges in the modern IT (Domino) world.


  • Guest
    Mar 10, 2023

    I posted this idea because of "Automation and DEVops". There should be a way to fully automate deployment of templates to production, and signing is an important part of it.

  • Guest
    Mar 10, 2023

    @Thomas Hampel. I see no security risk here. If someone has already gained access to the console and potentially the local server.id(s), (s)he can write a 3-line agent that will do the signing. For a protected and secure environment, such a command will be beneficial, or it may even be disabled by NOTES.INI, like FullAccessAdmin can be disabled.

  • Guest
    Mar 9, 2023
    And if you allow this command only with a form of authentication (authorization key, certificates, …) within the command?
  • Admin
    Thomas Hampel
    Mar 9, 2023

    Don't want to support this idea. For security reasons signing databases from the command line is not provided.

    What you can do instead is to use the JSON based automated server configuration and request your (new) database to be signed via AdminP.

    see "appConfiguration/databases/signUsingAdminp"

    https://help.hcltechsw.com/domino/12.0.2/admin/inst_onetouch_preparing_json.html

    How about the ability to apply a JSON config at runtime?
    There is an idea for that => https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-2372
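
Added example, not part of the thread and not HCL code: a pre-deployment check a pipeline could run over a One-Touch Setup JSON file to confirm that every database it creates requests signing through AdminP, the route suggested in the last comment. Only the path appConfiguration/databases/signUsingAdminp is quoted on this page; the "action" and "filePath" keys and the sample file names are assumptions to verify against the linked HCL documentation.

```python
import json

# Constructed sample config (not from the page). "action" and "filePath"
# are assumed key names; only signUsingAdminp is quoted in the thread.
SAMPLE_CONFIG = """
{
  "appConfiguration": {
    "databases": [
      {"action": "create", "filePath": "vlaad.ntf", "signUsingAdminp": true},
      {"action": "create", "filePath": "crm.ntf"},
      {"action": "create", "filePath": "hr.ntf", "signUsingAdminp": "true"},
      {"action": "update", "filePath": "names.nsf"}
    ]
  }
}
"""


def unsigned_databases(config_text, actions=("create",)):
    """Return filePaths of matching entries that do not request AdminP signing."""
    config = json.loads(config_text)
    databases = config.get("appConfiguration", {}).get("databases", [])
    if not isinstance(databases, list):
        raise ValueError("appConfiguration/databases must be a list")
    missing = []
    for index, entry in enumerate(databases):
        if entry.get("action") not in actions:
            continue
        # Policy of this check: require a real JSON boolean, so a quoted
        # "true" is reported instead of being silently accepted.
        if entry.get("signUsingAdminp") is not True:
            missing.append(entry.get("filePath", f"<entry {index}>"))
    return missing


if __name__ == "__main__":
    problems = unsigned_databases(SAMPLE_CONFIG)
    for path in problems:
        print(f"no AdminP signing requested: {path}")
    # Non-zero exit lets a CI job stop before the config reaches a server.
    raise SystemExit(1 if problems else 0)
```

Run against the real config file in the build job, this keeps the signing request in a reviewed file rather than in a console command.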