Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Cloud Connector Commands

Skyhigh Cloud Connector commands (CLI commands) allow you to update the new passwords, configuration names, new user details, and configuration checks and registry updates. The information stored is secured in the database.

Credentials and Auth Check

When you enter your credentials, Skyhigh Cloud Connector uses the Bouncy Castle hashing function to store user passwords in the database. Storing the password locally allows CC to communicate to Skyhigh CASB to periodically upload things such as processed events, logs, and health reports. 

  • Because the passwords are stored locally, it is possible to access the CC web UI when internet access is not available.
  • If a user’s password is updated via User Settings through the Skyhigh CASB dashboard, it must be updated explicitly on CC via the CLI command. 

NOTE: Starting with Skyhigh CASB 5.4.0 onwards, by default Skyhigh Cloud Connector is Federal Information Processing Standards (FIPS) compliant.

Update Cloud Connector Properties using CLI Commands

Follow the below steps to update the Cloud Connector properties using CLI commands:

  1. Stop the CC service. 
  2. The below table lists some of the frequently used Cloud Connector property names that can be updated using the corresponding CLI commands:
Property Name CLI commands
UserName
./shnlpcli sp --name u --val <Newuser> --encrypt

Replace <Newuser> with a new user name. For example, if the new user name is User1, the CLI command would look as below:

./shnlpcli sp --name u --val User1 --encrypt
Password
./shnlpcli sp --name p --val <password> --encrypt 

Replace <password> with a new password. For example, if the new password is Welcome@123, the CLI command would look as below:

./shnlpcli sp --name p --val Welcome@123 --encrypt

ConfigName

./shnlpcli sp --name configName --val <NewConfig>

Replace <NewConfig> with a new config name. For example, if the new config name is Config1, the CLI command would look as below:

./shnlpcli sp --name configName --val Config1
Proxy Host
./shnlpcli sp --name proxyHost --val <IP Address> --encrypt

Replace <IP Address> with a new IP Address. For example, if the new IP Address is 172.18.15.27, the CLI command would look as below:

./shnlpcli sp --name proxyHost --val 172.18.15.27 --encrypt
Proxy Port
./shnlpcli sp --name proxyPort --val <Port> --encrypt

Replace <port> with a new port. For example, if the new port is 8763, the CLI command would look as below:

./shnlpcli sp --name proxyPort --val 8763 --encrypt

IMPORTANT: The following command lists all CLI commands available in CC:

root@ecqa-automation00-new:/shn/balu-perf# ./shnlpcli --help
  1. Start the CC service after executing the CLI commands.

For more assistance on CLI commands, contact Skyhigh Support.

Tokenization and Secrets

SHA-1 or SHA-256 is used for tokenizing user names, source IPs, and Active Directory custom attributes (if configured), which combines the secret salt, or password with the value.

To dynamically detokenize when dashboard pages are rendered, the browser calls the CC detokenization server over port 443. It then fetches the information and displays the corresponding clear text values. 

Config Check and Registry Update

CC periodically checks configuration and Skyhigh CASB Registry updates, and syncs the following changes to the local instance:

  • If Tokenization is enabled, SHA-1 or SHA-256 is used. 
  • CC configuration is updated every five minutes.
  • The Registry is updated every three hours.
  • Was this article helpful?