2.15 ALTER CREDENTIALSTORE

Use the ALTER CREDENTIALSTORE command to manage user ID and password pairs in the credential store. This command enables you to add credentials to the credential store and to specify different aliases for a user.

The use of a credential store is not supported for the NonStop platforms.

Syntax

Admin Client Syntax:

ALTER CREDENTIALSTORE {
  ADD USER userid | REPLACE USER userid | DELETE USER userid }
[NOPASSWORD | PASSWORD password]
[ALIAS alias]
[DOMAIN domain]

GGSCI Syntax:

ALTER CREDENTIALSTORE {
  ADD USER userid [@tns_alias] | REPLACE USER userid | DELETE USER userid }
[NOPASSWORD | PASSWORD password]
[ALIAS alias]
[DOMAIN domain]

ADD USER userid

Note:

In Microservices Architecture (MA), ADD USER fails when the ALIAS is an email ID. However, it works in Classic Architecture.

Adds the specified user and its alias to the credential store. If the ALIAS option is not used, the alias defaults to the user name. A credential can only be entered once unless the ALIAS option is used to specify a different alias for each one. Unless the PASSWORD option is used, the command prompts for the password of the specified user. The user can be an actual user name or a SQL*Net connect string.

In GGSCI, for multitenant databases with different users for the CDB and the PDB, you need to specify @TNS_Service_Name when adding a user to the credential store.

REPLACE USER userid

Changes the password of the specified user. If the ALIAS option is not used, the alias defaults to the user name. You cannot change the alias or domain of a user with this option, but you can use the ADD USER option to add a new entry for the user under the desired ALIAS or DOMAIN. Unless the PASSWORD option is used, the command prompts for the new password for the specified user.

DELETE USER userid

Removes the credential for the specified user from the credential store. If the ALIAS option is not used, the alias defaults to the user name. If the user ID and alias are not the same, you must specify both user ID and alias. For example:

alter credentialstore delete user c##ggadmin alias ggadmin

NOPASSWORD | PASSWORD password

The NOPASSWORD option is the alternative to the PASSWORD option when using external authentication, such as Kerberos authentication, because external authentication does not require a password. After the NOPASSWORD option is set, the DBLOGIN command can be used to access the database without a password.

Also see USERIDALIAS and USERID | NOUSERID parameters in the Reference for Oracle GoldenGate.

Specify the user's password using the PASSWORD option. The password is echoed (not obfuscated) when this option is used. If this option is omitted, the command prompts for the password, which is obfuscated as it is typed (recommended as more secure).

ALIAS alias

Specifies an alias for the user name. Use this option if you do not want the user name to be in a parameter file or command. If ALIAS is not used, the alias defaults to the USER name, which then must be used in parameter files and commands where a login is required. You can create multiple entries for a user, each with a different alias, by using the ADD USER option with ALIAS.

DOMAIN domain

Saves the credential user under the specified domain name. Enables the same alias to be used by multiple Oracle GoldenGate installations that use the same credential store. The default domain is Oracle GoldenGate. For example, the administrators of system 1 might not want system 2 to have access to the same credentials that are used on system 1. Those credentials can be stored as ALIAS extract, for example, under DOMAIN system1, while a different set of credentials can be stored for ALIAS extract under DOMAIN system2.
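
The PASSWORD, ALIAS and DOMAIN rules described above can be checked mechanically before a script of credential store commands is run. The following Python sketch is an added example, not Oracle code: the names parse and audit and the finding labels are assumptions, and the duplicate rule is modelled on the description above rather than on tested product behaviour.

```python
import re

DEFAULT_DOMAIN = "OracleGoldenGate"  # default domain as printed by INFO CREDENTIALSTORE
CMD = re.compile(r"^(?:(?:OGG|GGSCI) \([^)]*\)\s*\d+>\s*)?"  # optional interactive prompt
                 r"ALTER\s+CREDENTIALSTORE\s+(ADD|REPLACE|DELETE)\s+USER\s+(\S+)(.*)$", re.I)

def parse(line):
    """Parse one ALTER CREDENTIALSTORE command into a dict; None if it is not one."""
    m = CMD.match(line.strip())
    if m is None:
        return None
    cmd = {"action": m[1].upper(), "userid": m[2], "domain": DEFAULT_DOMAIN, "password": "prompt"}
    rest = iter(m[3].split())
    for tok in rest:
        opt = tok.upper()
        if opt == "NOPASSWORD":
            cmd["password"] = "none"
        elif opt == "PASSWORD":
            next(rest, None)                 # consume the value; it is never stored
            cmd["password"] = "inline"
        elif opt in ("ALIAS", "DOMAIN"):
            cmd[opt.lower()] = next(rest, None)
    cmd.setdefault("alias", cmd["userid"])   # documented default: alias = user name
    return cmd

def audit(lines):
    """Return (line_number, finding) pairs for a list of command lines."""
    findings, seen = [], set()
    for n, cmd in enumerate(map(parse, lines), 1):
        if cmd is None:
            continue
        key, add = (cmd["domain"], cmd["alias"]), cmd["action"] == "ADD"
        checks = {"inline-password": cmd["password"] == "inline",  # echoed, stays in the script
                  "alias-is-userid": add and cmd["alias"] == cmd["userid"],  # name shows in param files
                  "duplicate-alias": add and key in seen}  # one entry per alias and domain
        findings += [(n, name) for name, hit in checks.items() if hit]
        if add:
            seen.add(key)
        elif cmd["action"] == "DELETE":
            seen.discard(key)
    return findings

SAMPLE = [  # constructed script, built from the command forms shown on this page
    "ALTER CREDENTIALSTORE ADD USER scott PASSWORD tiger ALIAS scsm2",
    "ALTER CREDENTIALSTORE ADD USER scott ALIAS scsm2 DOMAIN support",
    "OGG (http://localhost:9005 demo) 2> alter credentialstore add user /@cdb1_pdb1 nopassword alias ora1",
    "ALTER CREDENTIALSTORE ADD USER scott",
    "ALTER CREDENTIALSTORE ADD USER scott ALIAS scsm2",
]
print(audit(SAMPLE))
```

The second sample line produces no finding because the same alias under a different DOMAIN is a separate entry; the fifth is flagged because alias scsm2 already exists in the default domain.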

Examples

The following example adds a user named scott, but with external authentication, and therefore uses the NOPASSWORD option.

OGG (http://localhost:9005 demo) 2> alter credentialstore add user /@cdb1_pdb1 nopassword alias ora1
2020-06-22T21:08:33Z  INFO    OGG-15102  Credential store created.
OGG (http://localhost:9005 demo) 3> info credentialstore
Default domain: OracleGoldenGate
  Alias: ora1
  Userid: /@cdb1_pdb1

After you update the credential store to use the NOPASSWORD option, you can use the DBLOGIN command with Kerberos authentication for your database.

OGG (http://localhost:9005 demo) 4> dblogin useridalias ora1
Successfully logged into database CDB1_PDB1.

This example adds a user named scott but omits the PASSWORD specification, so the command prompts for scott's password.

ALTER CREDENTIALSTORE ADD USER scott
Password: ********

This example adds the user scott with his password tiger and specifies an alias for scott that is named scsm2.

ALTER CREDENTIALSTORE ADD USER scott PASSWORD tiger ALIAS scsm2

This example adds the user scott under the domain of support.

ALTER CREDENTIALSTORE ADD USER scott ALIAS scsm3 DOMAIN support
Password: ********

This example issues two ALTER CREDENTIALSTORE commands, each of which adds a scott entry, but with a different alias.

ALTER CREDENTIALSTORE ADD USER scott ALIAS scsm2
Password: ********
ALTER CREDENTIALSTORE ADD USER scott ALIAS scsm3
Password: ********

The following shows how the DELETE USER option works with and without the ALIAS option.

The following command deletes the user1 entry for which the ALIAS is the same as the user name.

ALTER CREDENTIALSTORE DELETE USER user1
Alias: user1
Userid: user1

The following command deletes the entry for user user1 that is associated with the alias alias1.

ALTER CREDENTIALSTORE DELETE USER user1 ALIAS alias1
Alias: alias1
Userid: user1

This example uses a SQL*Net connect string as the user value. In this case, the PASSWORD option is omitted. The person issuing the command is prompted for the password, which is hidden.

ALTER CREDENTIALSTORE ADD USER oggext1@ora1 ALIAS ora1

This example creates the domain named Oracle GoldenGate with user ID ogg1 and alias ogg_alias in the Admin Client.

OGG (https://localhost:15000 Atlanta) 9> alter credentialstore add user ogg1 alias ogg_alias
Password:

This example connects a PDB user:

alter credentialstore add user ggadmin@cdb1_pdb1

This example connects using a connection qualifier when a BEQ (Bequeath) protocol adapter is used:

alter credentialstore add user ggadmin@inst1_beq