Configure content connector for SVN and git connections

The connection information (username, password, app token, paths) for each connector needs to be encrypted. Up to memoQ TMS 9.7, only the password field was encrypted in git connector, and the content connector client did the encryption locally. This meant that setting up SVN or git connections was only possible on the machine where the content connector server was running, in a very specific configuration. Now the content connector server does the encryption, and stores all connection information encrypted in the database. The secret for each connection is created in the %PROGRAMDATA%\Kilgray CP Server\.secret folder, and is protected by machine-wide DPAPI encryption. This means that:

  • If you just upgraded either content connector server 2.x or content connector client 1.4 to version 5.x, you need to upgrade the other part, too. Otherwise users will get error messages when trying to create an SVN- or git-connected project in memoQ.
  • To keep using connections created with an earlier version of the git connector, you need to first edit them, and enter their passwords again - so that the content connector server can do the encrypting.
  • To move a connection to another content connector server, use the memoQ content connector management tool. For content connector server versions 3.x and 4.x, you need a special tool.

You need credentials (username and password, app token, etc.) to connect to different git and Subversion (SVN) servers. These credentials must be stored encrypted. Git Connector uses the Windows Data Protection API (DPAPI) to encrypt or decrypt credentials. DPAPI derives a symmetric key from the user's login secrets, and uses this key to encrypt the protected secret keys. This means that the Windows process that sets and encrypts these secrets (that is, content connector client) needs to run under the same user as the process that decrypts and uses the secrets (the content connector Service).

Needs expertise: Only try this procedure if you have experience in creating Windows users and managing their access permissions.

Necessary steps

Log in to the server computer through Remote Desktop

Do this with a user account that has Administrator rights on the computer.

Create a service user

The service user needs to have certain permissions: for the File system connector, it needs file system access permission to access the folders. For the SVN connector or the Git connector, it needs network access permission to access the network. The service user needs to be either a local user on the machine running the memoQ TMS – or, if the machine is part of a Windows domain, a domain user.

For Git connections in content connector 5.1.3 and newer, the service owner

  • needs Administrator rights on the computer, and

  • needs to be the owner of the folder where the Git repository is checked out.

Configure the memoQ content connector service to run with the service user

Normally, the memoQ content connector service runs as a local service account. Local service accounts cannot log in interactively to the machine, so they cannot run content connector client.

This means you need to set up the memoQ content connector service to run under the service user account you created. To do this:

  1. Run Windows's Services app.
  2. Right-click memoQ content connector service in the list, and click Stop in the context menu.
  3. Right-click memoQ content connector service again, and click Properties in the context menu.
  4. On the Log on tab, under Log on as, choose the This account option.
  5. Enter the service user's username and password as shown below.
  6. Right-click memoQ content connector service again, and click Start in the context menu.

cc-set-logon-service

Run content connector client with the service user

The content connector client application needs to run with the same user running the service (see above). To do this:

  1. Open the Windows Start menu.
  2. Click the memoQ content connector folder, and right-click the memoQ content connector client icon.
  3. Click the More sub-menu, then click Run as a different user.
  4. Enter the same service user's username and password as above.
  5. In the content connector client, set up git connections as needed.

When you finish

After you finish this, users can create content-connected memoQ projects using the connections you created.