Skip Headers
Oracle Business Transaction Management Online Help
Release 12.1.0.2

E26585-05
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

credStoreTool

Use the credStoreTool command to create, obtain, or delete a credential from the credential store. This command allows you to create three different types of credentials:

Before you can use this command, you must install and configure the Oracle Java Platform Security classes as described in the Business Transaction Management Installation Guide.

The syntax of the credStoreTool command varies depending on the type of credential you are working with. The sections that follow provide syntax and parameter information for each kind of credential.

In all cases, the commands allow you to create a credential, to obtain a credential if you need to copy it to other servers, and to delete a credential.

Using user:password Credentials

This option is more secure than specifying the user name and password on the command line itself or in a script. For additional information in how you use this credential to access btmcli commands, see Security Options in Accessing CLI Commands.

Command Syntax

btmcli credStoreTool -createCred credName [-credType up] 
                     [credValue username:password]

btmcli credStoreTool -getCred credName [-credType up] [-showPwd]

btmcli credStoreTool -deleteCred credName [-credType up]
Name Description
-createCred Specifies the name of the credential to be created.
-getCred Specifies the name of the credential to be obtained.
-deleteCred Specifies the name of the credential to be deleted.
-credType The kind of credential to be created, obtained, or deleted.

The default is up.

-credValue If you do not specify this option, you will be prompted for a user name and password. The password entered will be masked with asterisks.
-showPwd For the getCred option, asks that the user name and password be displayed.

Using Trusted Issuer and Secret Credentials

Business Transaction Management components use this type of credentials to establish a trust relationship. When a component receives a request for a service, before it acts, it checks that it came from one of its trusted cohorts.

Command Syntax

btmcli credStoreTool -createCred credName credType is [-credValue issuer:secret]

btmcli credStoreTool -getCred credName -credType is [-showSecret]

btmcli credStoreTool -deleteCred credName -cretType is
Name Description
-createCred Specifies the name of the credential to be created.
-getCred Specifies the name of the credential to be obtained.
-deleteCred Specifies the name of the credential to be deleted.
-credType The kind of credential to be created, obtained, or deleted.
-credValue If you do not specify this option, you will be prompted for an issuer and secret. The secret entered will be masked with asterisks.
-showSecret For the getCred option, asks that the issuer and secret be displayed.

Using Binary Credentials

An AES encryption key is used to encrypt sensitive data that is transmitted from one Business Transaction Management component to another or when it stored in a database or on disk.

Command Syntax

btmcli credStoreTool -createCred credName 
          -credType bin {credValue Base64-encoded-bytes | -genKey AlgName:KeySize}

btmcli credStoreTool -getCred credName credType bin [-showSecret]

btmcli credStoreTool -deleteCred credName -credType bin
Name Description
-createCred Specifies the name of the credential to be created.
-getCred Specifies the name of the credential to be obtained.
-deleteCred Specifies the name of the credential to be deleted.
-credType The kind of credential to be created, obtained, or deleted.
-credValue Specify a set of bytes (base-64 encoded). These bytes might or might not represent a valid encryption key.
-genKey AlgName refers to the JCE (Java Cryptographic Extension) reserved algorithm name. Currently only AES is supported.

The KeySize is the size of the key that you want to generate. Different algorithms have different allowable key sizes. For AES, these are 128, 192, and 256, which refer to bits (not bytes). 128 is recommended because this is supported in all of the underlying platform's cryptographic implementations.

-showSecret For the getCred option, asks that the size (in bytes) of the binary credential be displayed along with the base-64 encoded bytes themselves. For example,

16 bytes long ... Base-64 = [qvw1wEOxprSeJf2TbtuK5w==]

If you do not specify this parameter, the bytes will not be displayed.