credStoreTool

Use the credStoreTool command to create, obtain, or delete a credential from the credential store. This command allows you to create three different types of credentials:

  • credentials based on a username:password format.

    You use these credentials to access btmcli commands. Nearly all commands require a user name and password.

  • credentials based on a trusted issuer and secret

    Business Transaction Management components use this type of credential to establish trust relationships between them.

  • binary credentials (AES keys for the System Default Encryption Key).

    An AES encryption key is used to encrypt sensitive data that is transmitted from one Business Transaction Management component to another or when that sensitive data is stored in a database or on disk.

Before you can use this command, you must install and configure the Oracle Java Platform Security classes as described in the Business Transaction Management Installation Guide.

The syntax of the credStoreTool command varies depending on the type of credential you are working with. The sections that follow provide syntax and parameter information for each kind of credential.

In all cases, the commands allow you to create a credential, to obtain a credential if you need to copy it to other servers, and to delete a credential.

Using user:password Credentials

This option is more secure than specifying the user name and password on the command line itself or in a script. For additional information on how you use this credential to access btmcli commands, see Security Options in Accessing CLI Commands.

Command Syntax

btmcli credStoreTool -createCred credName [-credType up]
                     [-credValue username:password]

btmcli credStoreTool -getCred credName [-credType up] [-showPwd]

btmcli credStoreTool -deleteCred credName [-credType up]

Name         Description
-createCred  Specifies the name of the credential to be created.
-getCred     Specifies the name of the credential to be obtained.
-deleteCred  Specifies the name of the credential to be deleted.
-credType    The kind of credential to be created, obtained, or deleted. The default is up.
-credValue   If you do not specify this option, you will be prompted for a user name and password. The password entered will be masked with asterisks.
-showPwd     For the getCred option, asks that the user name and password be displayed.

Using Trusted Issuer and Secret Credentials

Business Transaction Management components use this type of credential to establish a trust relationship. When a component receives a request for a service, before it acts, it checks that the request came from one of its trusted cohorts.

Command Syntax

btmcli credStoreTool -createCred credName -credType is [-credValue issuer:secret]

btmcli credStoreTool -getCred credName -credType is [-showSecret]

btmcli credStoreTool -deleteCred credName -credType is

Name         Description
-createCred  Specifies the name of the credential to be created.
-getCred     Specifies the name of the credential to be obtained.
-deleteCred  Specifies the name of the credential to be deleted.
-credType    The kind of credential to be created, obtained, or deleted.
-credValue   If you do not specify this option, you will be prompted for an issuer and secret. The secret entered will be masked with asterisks.
-showSecret  For the getCred option, asks that the issuer and secret be displayed.

Using Binary Credentials

An AES encryption key is used to encrypt sensitive data that is transmitted from one Business Transaction Management component to another or when it is stored in a database or on disk.

Command Syntax

btmcli credStoreTool -createCred credName
          -credType bin {-credValue Base64-encoded-bytes | -genKey AlgName:KeySize}

btmcli credStoreTool -getCred credName -credType bin [-showSecret]

btmcli credStoreTool -deleteCred credName -credType bin

Name         Description
-createCred  Specifies the name of the credential to be created.
-getCred     Specifies the name of the credential to be obtained.
-deleteCred  Specifies the name of the credential to be deleted.
-credType    The kind of credential to be created, obtained, or deleted.
-credValue   Specify a set of bytes (base-64 encoded). These bytes might or might not represent a valid encryption key.
-genKey      AlgName refers to the JCE (Java Cryptography Extension) reserved algorithm name. Currently only AES is supported.

             The KeySize is the size of the key that you want to generate. Different algorithms have different allowable key sizes. For AES, these are 128, 192, and 256, which refer to bits (not bytes). 128 is recommended because this is supported in all of the underlying platform's cryptographic implementations.

-showSecret  For the getCred option, asks that the size (in bytes) of the binary credential be displayed along with the base-64 encoded bytes themselves. For example,

             16 bytes long ... Base-64 = [qvw1wEOxprSeJf2TbtuK5w==]

             If you do not specify this parameter, the bytes will not be displayed.
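Because -credValue accepts bytes that might not be a valid key, the following added example (not part of Oracle's documentation or tooling) checks a base-64 value against the AES key sizes listed above, and cross-checks a -showSecret line before the key is copied to another server. The function names and the regular expression are assumptions derived from the sample output line shown on this page.

```python
import base64
import binascii
import re

# Key sizes this page lists for AES, in bits (not bytes).
AES_KEY_BITS = (128, 192, 256)

# Shape of the -showSecret line, taken from the sample on this page:
#   16 bytes long ... Base-64 = [qvw1wEOxprSeJf2TbtuK5w==]
SHOW_SECRET_RE = re.compile(r"(\d+) bytes long \.\.\. Base-64 = \[([^\]]*)\]")


def aes_key_bits(b64_value):
    """Return the AES key size in bits for a base-64 value, or raise ValueError."""
    try:
        # validate=True rejects characters outside the base-64 alphabet
        # instead of silently discarding them.
        raw = base64.b64decode(b64_value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not valid base-64: %s" % exc)
    bits = len(raw) * 8
    if bits not in AES_KEY_BITS:
        raise ValueError("%d bytes is not an AES key length" % len(raw))
    return bits


def check_show_secret(line):
    """Parse one -showSecret line and cross-check its declared byte count."""
    match = SHOW_SECRET_RE.search(line)
    if match is None:
        raise ValueError("line does not match the -showSecret format")
    declared, b64_value = int(match.group(1)), match.group(2)
    bits = aes_key_bits(b64_value)
    if declared * 8 != bits:
        # A mismatch suggests the value was truncated or altered in transit.
        raise ValueError("declared %d bytes, decoded %d" % (declared, bits // 8))
    return bits


if __name__ == "__main__":
    # Sample line as shown on this page; only the key size is printed.
    sample = "16 bytes long ... Base-64 = [qvw1wEOxprSeJf2TbtuK5w==]"
    print("AES-%d key" % check_show_secret(sample))
```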