TSSFAR utility: SECFILE-encryption key specification not to be in clear text

Document ID : KB000117165
Last Modified Date : 09/10/2018
Show Technical Document Details
Introduction:
We execute utility TSSFAR once in a quarter to pre-emptively verify the physical health of the SECFILE.

TSSFAR needs to have SECFILE-encryption-KEY specified in //INPUT file.

In our company's policy - The encryption-KEY has to be kept as disclosed as possible.

Is there a possibility to run the TSSFAR utility without key (using the current and SMPE-accepted encyption key in TSS-Code) or without  the encryption key in clear text. 
Environment:
z/OS
Instructions:
you may code your JCL as it follows, e.g.: 

// JOB (ACCT#), 
// NOTIFY=ACID01,USER=ACID02 
//TSSFAR EXEC PGM=TSSFAR 
//SYSPRINT DD SYSOUT=* 
//SECFILE DD DISP=SHR,DSN=TSS.SECFILE 
//INPUT DD * 
// DD DISP=SHR,DSN=Your.dataset(TSSKEY) 
HEADER 
SFSTATS 
/* 
// 

With member TSSKEY containing: 

KEY=xxxxxxxxxxxxxxxx <== your encryption key 

ACID01 doesn't have access to Your.dataset(TSSKEY), but a permit acid acid for ACID02 
ACID02 have read access to Your.dataset(TSSKEY) and the admin authority to run TSSFAR.