The connection information (username, password, app token, paths) for each connector needs to be encrypted. Up to memoQ server 9.7, only the password field was encrypted in git connector, and the Content Connector client did the encryption locally. This meant that setting up SVN or git connections was only possible on the machine where the Content Connector Server was running, in a very specific configuration. Now the Content Connector server does the encryption, and stores all connection information encrypted in the database. The secret for each connection is created in the %PROGRAMDATA%\Kilgray CP Server\.secret folder, and is protected by machine-wide DPAPI encryption. This means that:
- If you just upgraded either Content Connector server 2.x or Content Connector client 1.4, to version 3.x, you need to upgrade the other part, too. Otherwise users will get error messages when trying to create an SVN- or git-connected project in memoQ.
- To keep using connections created with an earlier version of the git connector, you need to first edit them, and enter their passwords again - so that the Content Connector server can do the encrypting.
- To move a connection to another Content Connector server, you need a special tool.
You need credentials (username and password, app token, etc.) to connect to different git and Subversion (SVN) servers. These credentials must be stored encrypted. Git Connector uses the Windows Data Protection API (DPAPI) to encrypt or decrypt credentials. DPAPI derives a symmetric key from the user's login secrets, and uses this key to encrypt the protected secret keys. This means that the Windows process that sets and encrypts these secrets (that is, Content Connector Client) needs to run under the same user as the process that decrypts and uses the secrets (the Content Connector Service).
Create a service user
The service user needs to have certain permissions: for the File system connector, it needs file system access permission to access the folders. For the SVN connector or the Git connector, it needs network access permission to access the network. The service user needs to be either a local user on the machine running the memoQ server – or, if the machine is part of a Windows domain, a domain user.
Configure the memoQ Content Connector Service to run with the service user
Normally, memoQ Content Connector Service runs as local service account. Local service accounts cannot log in interactively to the machine, so they cannot run Content connector client.
- Run Windows's Services app.
- Right-click memoQ content connector service in the list, and click Stop in the context menu.
- Right-click memoQ content connector service again, and click Properties in the context menu.
- On the Log on tab, under Log on as, choose the This account option.
- Enter the service user's username and password as shown below.
- Right-click memoQ content connector service again, and click Start in the context menu.
Run Content Connector Client with the service user
The Content Connector Client application needs to run with the same user running the service (see above). To do this:
- Open the Windows Start menu.
- Click the memoQ content connector folder, and right-click the memoQ content connector client icon.
- Click the More sub-menu, then click Run as a different user.
- Enter the same service user's username and password as above.
- In the Content Connector client, set up git connections as needed.
When you finish
After you finish this, users can create content-connected memoQ projects using the connections you created.