Refreshing the UPST Token Exchange Keytab

In Big Data Service, the token exchange service principal keytab is a secret and must be refreshed regularly.

If the security of the keytab is compromised, you can trigger this operation to refresh the token exchange service principal keytab. A new secret version is created in the vault for the refreshed keytab.

    1. On the Clusters list page, select the cluster that you want to work with. If you need help finding the list page or the cluster, see Listing Clusters in a Compartment.
    2. To view clusters in a different compartment, use the Compartment filter to switch compartments.
      You must have permission to work in a compartment to see the resources in it. If you're not sure which compartment to use, contact an administrator. For more information, see Understanding Compartments.
    3. On the Cluster details page, under Resources, select Identity domain configurations.
    4. Select the identity domain configuration that you want to work with.
    5. From the Actions menu (three dots) for the identity domain configuration, select Refresh keytab.
  • Use the refresh-upst-token-exchange-keytab command and required parameters to refresh the token exchange Kerberos principal keytab for the UPST-enabled identity configuration.
    oci bds identity-configuration refresh-upst-token-exchange-keytab [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference for Big Data.

  • Use the RefreshUpstTokenExchangeKeytab operation to refresh the token exchange Kerberos principal keytab for the UPST-enabled identity configuration.