As user credentials must not be persisted in human-readable text for security reasons, the passwords for users cannot be defined in the hardware declaration file.
Instead, credentials for a PLC's users can be managed through the manage-users command.
Prerequisite for configuring user credentials is executing setup-secure-communication command.
To set the password for the user from the above hardware declaration file example, run
apax hwc manage-users --input "example.hwl.json" --moduleName "PLC_1" set-password --userName "User1" --password "ExamplePassword#123"
This will set the password for User1 to ExamplePassword#123.
The password will never be saved in clear text by the set-password command.
Instead, security algorithms are applied to protect the password; and it will be saved to the security configuration file for PLC_1.
Storing the hash of the password is sufficient for compiling the PLC configuration, but the password cannot be determined from the saved data.
Note that a password needs to be set for every user specified in the hardware declaration file.
Password policy :
| Properties | Values |
|---|---|
| Minimum length | 8 |
| Maximum length | 120 |
| Minimum numeric digit | 1 |
| Minimum special character | 0 |
| Minimum upper case length | 1 |
| Minimum lower case length | 1 |
To view the list of users for which credentials have already been configured, you can run the manage-users list command:
apax hwc manage-users --input "example.hwl.json" --moduleName "PLC_1" list
To delete a user and its credentials from the security configuration file, the manage-users delete can be used, e.g.:
apax hwc manage-users --input "example.hwl.json" --moduleName "PLC_1" delete --userName "user1"