Securing Credentials

CAKM for Oracle TDE allows you to use obfuscated credentials.

The obfuscated value is set in the properties file. The PassPhraseSecure utility allows the user to give different parameters to generate the obfuscated credentials.

The credentials must be provided in one of the following forms:

• With domain: domain:user:password

• Without domain: user:password

• With domain and persistent cache password: domain:user:password:pcachepass

• With persistent cache password: user:password:pcachepass

Here, domain, user, and password are related to the CipherTrust Manager.

Credential Parameters

The following parameters are used:

• ./PassPhraseSecure -txt <TextToBeObfuscated>

  This parameter allows the user to provide input as text and display the obfuscated value.

  Note

  If the text to be obfuscated contains whitespaces, then it must be provided within double quotes (" ").

  Example 1:

  ./PassPhraseSecure -txt "domain:user:password"
  

  Output:

  5B7D6329356A0D0153B0A0CB7B3ACB626320A48D6D9B31E0F03856650E88C922
  

  Example 2:

  ./PassPhraseSecure -txt "domain:user:password:pcachepass"
  

  Output:

  5B7D6329356A0D0153B0A0CB7B3ACB622DB1B005DA70CA56324E7218CCC626DD
  

• PassPhraseSecure -file <FileName>

  This parameter allows the user to provide input from a file and display the obfuscated value. The file name could be the name and path of the file from which the text is to be obfuscated.

  Example:

  ./PassPhraseSecure -file test.txt 66A09CF4974DB15B1E3C22F89912338E
  

  Note

  There is no restriction on length of the file. However, only the first line from the file is obfuscated irrespective of the file length.

• PassPhraseSecure –help

  This parameter displays the help, to use this utility, on the console. For example:

  ./PassPhraseSecure –help
  

  Note

  If you do not provide any parameter with the utility, the same -help parameter output is displayed.