Security Best Practices
- Protect OAuth2 Credentials
- Never commit
detect-cli.propertieswith real credentials to version control - Use environment-specific configuration files
- Rotate credentials regularly using
clientDetailsutility
- Never commit
- File
Permissions
# Restrict access to configuration files chmod 600 $HCL_UNICA_DETECT_HOME/tools/conf/detect-cli.properties chown detect:detect $HCL_UNICA_DETECT_HOME/tools/conf/detect-cli.properties - Use Service Accounts
- Create dedicated Platform users for CLI automation
- Grant minimum required permissions (read-only for configuration queries)
- Don't use personal accounts in production scripts
- Audit
Logging
# Log all CLI executions for compliance ./CliTool.sh get-all-datasource-names-for-logged-in-user | \ tee -a /var/log/detect-cli/audit-$(date +%Y%m%d).log