Cloud Connector Commands
Skyhigh Cloud Connector commands allow you to update the new passwords, configuration names, new user details, and configuration checks and registry updates. The information stored are secured in the database.
Credentials and Auth Check
When you enter your credentials, Skyhigh Cloud Connector uses the Bouncy Castle hashing function to store user passwords into the database. Storing the password locally allows CC to communicate to Skyhigh CASB to periodically upload things such as processed events, logs, and health reports.
- Because the passwords are stored locally, it is possible to access the CC web UI when internet access is not available.
- If a user’s password is updated via User Settings through the Skyhigh CASB dashboard, it must be updated explicitly on CC via the CLI command.
NOTE: Starting with Skyhigh CASB 5.4.0 onwards, by default Skyhigh Cloud Connector is Federal Information Processing Standards (FIPS) compliant.
Update the Cloud Connector Password
To update Cloud Connector password using CLI command, perform the following:
- Stop the CC service.
- Execute the following CLI command:
./shnlpcli sp --name p --val <password> --encrypt Replace <password> with the new password. For example: ./shnlpcli sp --name p --val Welcome@123 --encrypt - Start the CC service.
Update config. name in Cloud Connector
To update config. name in Cloud Connector using CLI command, perform the following:
- Stop the CC service.
- Execute the following CLI command:
./shnlpcli sp --name configName --val NewConfig. Replace <NewConfig> with a new config name. For example: ./shnlpcli sp --name configName --val Config1. - Start the CC service.
Update a New User in Cloud Connector
To update a new user in Cloud Connector using CLI command, perform the following:
- Stop the CC service.
- Execute the following CLI command:
./shnlpcli sp --name u --val <Newuser> --encrypt Replace <Newuser> with a new user. For example: ./shnlpcli sp --name u --val User1 --encrypt - Start the CC service.
Tokenization and Secrets
SHA-1 or SHA-256 is used for tokenizing user names, source IPs, and Active Directory custom attributes (if configured), which combines the secret salt, or password with the value.
To dynamically detokenize when dashboard pages are rendered, the browser calls the CC detokenization server over port 443. It then fetches the information and displays the corresponding clear text values.
Config Check and Registry Update
CC periodically checks configuration and Skyhigh CASB Registry updates, and syncs the following changes to the local instance:
- If Tokenization is enabled, SHA-1 or SHA-256 is used.
- CC configuration is updated every five minutes.
- The Registry is updated every three hours.