Custom Store
The BI Presentation Services Credential Store supports the storage of keys and secrets in custom storage systems. Administrators must write a program or shell script that extracts the credential data from the custom store and writes it to standard output in a well-defined text-based interchange format. This custom loader must be specified in the commandLine attribute of the CredentialStorage element in the instanceconfig.xml file.

At initialization of the BI Presentation Services Credential Store, the custom executable or script is launched and the Credential Store service creates an anonymous pipe to access the standard output of the custom program, thus ensuring that sensitive data is not written to any temporary file on disk.

The command line executed to run the custom credential store loader should consist only of the path to the executable or script and any necessary arguments. Any redirection of standard output will fail, because BI Presentation Services reads the results from standard output. Redirection of standard input is also not supported.

The custom executable or script must extract credentials from the store of choice and write them to standard output in a well-defined text-based format. Industry standard PEM (unencrypted) format must be used for X.509 keys and certificates. A proprietary format defined by BI Presentation Services must be used for username/password based credentials. The format is described below.

Stream Structure
The general format of the stream is plain text. A rough grammar is below. NOTE: Certificates and private keys having the same alias will get grouped into one credential.
entity (EOL entity)*
entity = x509entity | upwdentity
x509entity = x509type ":" alias EOL x509body
upwdentity = "Username Password" ":" alias EOL upwdbody
x509type = "Key Certificate(PEM)" | "Private Key(PEM)" | "CA Certificate(PEM)"
alias = Sequence of printable ASCII characters, excluding whitespace.
EOL = "\r\n" | "\n"
x509body = PEM encoded contents
upwdbody = username EOL password
username = Sequence of printable ASCII characters excluding EOL
password = Sequence of printable ASCII characters excluding EOL
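
A custom loader's output can be checked against this grammar before the loader is named in commandLine. The Python sketch below is an added example, not Oracle code: the function name parse_stream, the sample aliases and placeholder PEM bodies, and the choice to skip blank lines between entities are all assumptions.

```python
import re

X509_TYPES = {"Key Certificate(PEM)", "Private Key(PEM)", "CA Certificate(PEM)"}
UPWD_TYPE = "Username Password"
ALIAS_RE = re.compile(r"[\x21-\x7e]+")   # printable ASCII, no whitespace
FIELD_RE = re.compile(r"[\x20-\x7e]*")   # printable ASCII, no EOL characters

def parse_stream(text):
    """Parse loader output into {alias: [(entry type, value), ...]}."""
    # Errors name only the line number, never its content, so a failed check cannot log a secret.
    lines = re.split(r"\r?\n", text)
    creds, i = {}, 0
    while i < len(lines):
        if lines[i] == "":               # assumption: blank lines between entities are skipped
            i += 1
            continue
        kind, sep, alias = lines[i].partition(":")
        if not sep or not ALIAS_RE.fullmatch(alias):
            raise ValueError(f"line {i + 1}: malformed header or alias")
        head, i = i + 1, i + 1           # head: 1-based header line, i: first body line
        if kind == UPWD_TYPE:
            body = lines[i:i + 2]
            if len(body) < 2 or not all(FIELD_RE.fullmatch(f) for f in body):
                raise ValueError(f"line {head}: bad username/password body")
            value, i = tuple(body), i + 2
        elif kind in X509_TYPES:
            start = i
            if i >= len(lines) or not lines[i].startswith("-----BEGIN "):
                raise ValueError(f"line {head}: PEM body expected")
            while i < len(lines) and not lines[i].startswith("-----END "):
                i += 1
            if i == len(lines):
                raise ValueError(f"line {head}: unterminated PEM body")
            value, i = "\n".join(lines[start:i + 1]), i + 1
        else:
            raise ValueError(f"line {head}: unknown entry type")
        creds.setdefault(alias, []).append((kind, value))   # same alias groups together
    return creds

# Constructed sample with placeholder PEM bodies (not real key material), mixed EOL styles.
SAMPLE = (
    "Key Certificate(PEM):web\r\n"
    "-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQ=\r\n-----END CERTIFICATE-----\r\n"
    "Private Key(PEM):web\n"
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    "Username Password:ldap\ncn=svc\nconstructed-password\n"
)
if __name__ == "__main__":
    print({a: [k for k, _ in e] for a, e in parse_stream(SAMPLE).items()})  # types only
```
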
Stream Example
The following example contains entries for: