Securing Credentials
CAKM for Oracle TDE allows you to use encrypted credentials.
The encrypted value is set in the properties file. The PassPhraseSecure utility allows the user to give different parameters to generate the encrypted credentials.
Note
• Characters supported in credentials: + , - . / = [ ] ^ _ ~ ’ # " @ ?
• Characters not supported in credentials: ( ) ! & \ | ;` < > ${ }
• Colon (:) is used as a field separator, and should not be part of credentials.
The credentials must be provided in one of the following forms:
With domain:
domain::user:password
Without domain:
user:password
With domain and persistent cache password:
domain::user:password:pcachepass
With persistent cache password:
user:password:pcachepass
Here, domain, user, and password are related to the CipherTrust Manager.
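The following is an added example, not part of the vendor documentation or of the PassPhraseSecure utility: a POSIX shell function (check_credential, a hypothetical name) that checks a credential string against the four forms and the unsupported-character list above before it is encrypted. It assumes that "${ }" in the note means the three characters $, { and }, and that every field must be non-empty.

```sh
#!/bin/sh
# Added example (not vendor code): check a credential string against the
# documented forms before passing it to PassPhraseSecure.

# check_credential STRING
# Prints the matched form and returns 0, or prints the reason and returns 1.
check_credential() {
    cred=$1

    # Unsupported characters from the note: ( ) ! & \ | ; ` < > $ { }
    # Assumption: "${ }" is read as the three characters $, { and }.
    if printf '%s' "$cred" | LC_ALL=C grep -q '[()!&\\|;`<>${}]'; then
        echo "unsupported character"; return 1
    fi

    # An optional domain is everything before the first "::".
    case $cred in
        *::*) domain=${cred%%::*}; rest=${cred#*::}; has_domain=1
              case $domain in
                  ''|*:*) echo "bad domain"; return 1 ;;
              esac ;;
        *)    rest=$cred; has_domain=0 ;;
    esac

    # Remaining fields are separated by single colons and must be non-empty
    # (assumption: the page does not describe empty fields).
    case $rest in
        ''|:*|*:|*::*) echo "empty field"; return 1 ;;
    esac

    # One colon = user:password, two = user:password:pcachepass.
    colons=$(printf '%s' "$rest" | tr -cd ':')
    case ${#colons}$has_domain in
        10) echo "user:password" ;;
        11) echo "domain::user:password" ;;
        20) echo "user:password:pcachepass" ;;
        21) echo "domain::user:password:pcachepass" ;;
        *)  echo "wrong field count"; return 1 ;;
    esac
}
```

A password that contains a colon is reported as a wrong field count or an empty field, which matches the rule that the colon is reserved as the field separator.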
Credential Parameters
The following parameters are used:
./PassPhraseSecure -txt <TextToBeObfuscated>
This parameter allows the user to provide input as text and display the encrypted value.
Note
If the text to be encrypted contains whitespace, it must be enclosed in double quotes (" ").
Example 1:
./PassPhraseSecure -txt "domain::user:password"
Output:
5B7D6329356A0D0153B0A0CB7B3ACB626320A48D6D9B31E0F03856650E88C922
Example 2:
./PassPhraseSecure -txt "domain::user:password:pcachepass"
Output:
5B7D6329356A0D0153B0A0CB7B3ACB622DB1B005DA70CA56324E7218CCC626DD
PassPhraseSecure -file <FileName>
This parameter allows the user to provide input from a file and display the encrypted value. The file name could be the name and path of the file from which the text is to be encrypted.
Example:
./PassPhraseSecure -file test.txt
Output:
66A09CF4974DB15B1E3C22F89912338E
Note
There is no restriction on the length of the file. However, only the first line of the file is encrypted, irrespective of the file length.
PassPhraseSecure -help
This parameter displays help for using this utility on the console. For example:
./PassPhraseSecure -help
Usage :
Passphrase -help -- To print this help
Passphrase -txt <TextToBeObfuscated> -- Obfuscates the provided text
Passphrase -file <FileName> -- Obfuscates first line of the file provided in file name
Note
If you do not provide any parameter with the utility, the same -help parameter output is displayed.