Securing Credentials
CAKM for Oracle TDE allows you to use obfuscated credentials.
The obfuscated value is set in the properties file. The PassPhraseSecure utility accepts different parameters for generating the obfuscated credentials.
• Characters supported in credentials: + , - . / = [ ] ^ _ ~ ’ # " @ ?
• Characters not supported in credentials: ( ) ! & \ | ;` < > ${ }
• Colon (:) is used as a field separator, and should not be part of credentials.
The credentials must be provided in one of the following forms:
With domain:
domain:user:password
Without domain:
user:password
With domain and persistent cache password:
domain:user:password:pcachepass
With persistent cache password:
user:password:pcachepass
Here, domain, user, and password are related to the CipherTrust Manager.
Credential Parameters
The following parameters are used:
./PassPhraseSecure -txt <TextToBeObfuscated>
This parameter allows the user to provide input as text and display the obfuscated value.
If the text to be obfuscated contains whitespace, it must be enclosed in double quotes (" ").
Example 1:
./PassPhraseSecure -txt "domain:user:password"
Output:
5B7D6329356A0D0153B0A0CB7B3ACB626320A48D6D9B31E0F03856650E88C922
Example 2:
./PassPhraseSecure -txt "domain:user:password:pcachepass"
Output:
5B7D6329356A0D0153B0A0CB7B3ACB622DB1B005DA70CA56324E7218CCC626DD
PassPhraseSecure -file <FileName>
This parameter allows the user to provide input from a file and display the obfuscated value. The file name can include the path of the file that contains the text to be obfuscated.
Example:
./PassPhraseSecure -file test.txt
Output:
66A09CF4974DB15B1E3C22F89912338E
There is no restriction on the length of the file. However, only the first line of the file is obfuscated, irrespective of the file length.
PassPhraseSecure -help
This parameter displays help for using the utility on the console. For example:
./PassPhraseSecure -help
If you run the utility without any parameter, the same -help output is displayed.
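The credential rules on this page (allowed field layouts, unsupported characters, and -file reading only the first line) can be checked before the value is obfuscated. The following Python check is an added example, not part of CAKM or the PassPhraseSecure utility; the function name check_credentials and its messages are hypothetical, and it assumes each symbol in the unsupported list is rejected individually.

```python
# Added example: pre-flight check of a credential line before obfuscation.
# check_credentials and the messages are hypothetical, not part of CAKM.

# Symbols the page lists as not supported. Assumption: each symbol of the
# "${ }" entry is rejected individually.
UNSUPPORTED = set("()!&\\|;`<>${}")

# Layouts the page allows, by number of colon-separated fields. Three fields
# match two layouts, so syntax alone cannot tell them apart.
FORMS = {
    2: ["user:password"],
    3: ["domain:user:password", "user:password:pcachepass"],
    4: ["domain:user:password:pcachepass"],
}


def check_credentials(text):
    """Return (matching_layouts, problems); the credential is never echoed."""
    lines = text.splitlines()
    if not lines or not lines[0]:
        return [], ["first line is empty"]
    problems = []
    if len(lines) > 1:
        # -file obfuscates only the first line of its input.
        problems.append(f"{len(lines) - 1} line(s) after the first are ignored by -file")
    fields = lines[0].split(":")
    layouts = FORMS.get(len(fields), [])
    if not layouts:
        problems.append(f"{len(fields)} colon-separated field(s), expected 2 to 4")
    for number, field in enumerate(fields, start=1):
        if not field:
            # Assumption: an empty field is a mistake (stray or doubled colon).
            problems.append(f"field {number} is empty")
        bad = sorted(UNSUPPORTED & set(field))
        if bad:
            problems.append(f"field {number} has unsupported character(s): {' '.join(bad)}")
    return layouts, problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("domain:user:password", "user:pa$$word", "user:pass:word:x:y"):
        layouts, problems = check_credentials(sample)
        print(layouts, problems)
```

A three-field value matches two layouts, so a colon that is accidentally part of a password cannot be detected from the string alone and has to be caught by reviewing the input.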