In order to create a named credential, you need to know:
- Target name (unless you create a global credential)
- Target type
- Credential type associated with the target type
Now we start to create a named credential for cluster database ( RACTEST ) user ( JAMES).
1) To get TARGET_TYPE from TARGET_NAME. Normally we know a couple of target_type from daily emcli practice.
$ emcli get_targets -targets="RACTEST:%"
Status ID Status Target Type Target Name
1 Up rac_database RACTETS
2) To get the credential types (and their attributes) associated with “rac_database”.
$ emcli show_credential_type_info -target_type=rac_database
Target Type Cred Type Name Cred Type Column Name Key Column
rac_database DBCreds DBPassword No
DBRole No
DBUserName Yes
DBHostCreds HostPassword No
HostUserName Yes
DBKerberosCreds DBKerberosPassword No
DBKerberosUserName Yes
DBPkiCreds DBPkiUserWallet Yes
DBPkiUserWalletPassword No
DBPkiUserWalletType No
HostSSHCreds SSH_PUB_KEY No
SSH_PVT_KEY No
USERNAME Yes
We can see target type rac_database has four credential types. we will use credential type DBCreds in the following steps.
3) Create named credential for JAMES user of the RAC database.
$emcli create_named_credential -auth_target_type=rac_database \
-cred_scope=Instance -target_type=rac_database \
-target_name=RACTEST -cred_type=DBCreds -cred_name=NC_RACTEST_JAMES \
-attributes="DBUserName:JAMES;DBPassword:yourpasswd" -test
Credential NC_RACTEST_JAMES created.
Here “-test” to test the credential before saving.
If you want to create a global named credential, just remove “cred_scope, target_type, target_name” parameters.
$emcli create_named_credential -auth_target_type=rac_database \
-cred_type=DBCreds -cred_name=NC_G_RACTEST_JAMES \
-attributes="DBUserName:JAMES;DBPassword:yourpasswd"
Credential NC_G_RACTEST_JAMES created.
4) Test a named credential.
a) Instance named credential.
$ emcli test_named_credential -cred_names=NC_RACTEST_JAMES
Credentials "NC_RACTEST_JAMES:SYSMAN" tested successfully
b) Global named credential. target_name and target_type are required for testing global named credential.
$ emcli test_named_credential -cred_names=NC_G_RACTEST_JAMES
-target_name=RACTEST -target_type=rac_database
Credentials "NC_G_RACTEST_JAMES:SYSMAN" tested successfully
c) Global named credential can be used for both rac cluster database or its instances, while instance credential can only work for the attached target.
$ emcli test_named_credential -cred_names=NC_G_RACTEST_JAMES \
-target_name=RACTEST_RACTEST1 -target_type=oracle_database
Credentials "NC_G_RACTEST_JAMES:SYSMAN" tested successfully
$ emcli test_named_credential -cred_names=NC_RACTEST_JAMES \
-target_name=RACTEST_RACTEST1 -target_type=oracle_database
Error: target_name and target_type options should be provided
only for Global credentials.
5) Modify named credentials. Here we assume user JAMES password has been changed, so the named credentials have to be modified accordingly.
— Global Named Credential.
$ emcli modify_named_credential -cred_name=NC_G_RACTEST_JAMES \
-attributes="DBUserName:JAMES;DBPassword:NewPasswd"
Credential updated.
$ emcli test_named_credential -cred_names=NC_G_RACTEST_JAMES
-target_name=RACTEST -target_type=rac_database
Credentials "NC_G_RACTEST_JAMES:SYSMAN" tested successfully
— Instance Named Credential
$ emcli modify_named_credential -cred_name=NC_RACTEST_JAMES
-attributes="DBUserName:JAMES;DBPassword:NewPasswd"
Credential updated.
$ emcli test_named_credential -cred_names=NC_RACTEST_JAMES
Credentials "NC_RACTEST_JAMES:SYSMAN" tested successfully
6) List named credentials.
$emcli list_named_credentials
Credential Name Credential Owner Authenticating target type. Cred Type Name Target Name Target Username
NC_G_RACTEST_JAMES SYSMAN oracle_database DBCreds JAMES
NC_RACTEST_JAMES SYSMAN oracle_database DBCreds RACTEST JAMES
...
..
.
7) Displays named credential details.
$ emcli get_named_credential -cred_name=NC_G_RACTEST_JAMES
Credential Name:NC_G_RACTEST_JAMES
Credential Owner:SYSMAN
Credential Type:DBCreds
Credential Target Type:oracle_database
Credential Username:JAMES
Credential Scope:global
Credential Guid:996809C30D3F08A6E0530BAB050AEA55
Credential Stripe:TARGETS
Credential Columns:
DBPassword=******
DBRole=normal
DBUserName=JAMES
$ emcli get_named_credential -cred_name=NC_RACTEST_JAMES
Credential Name:NC_RACTEST_JAMES
Credential Owner:SYSMAN
Credential Type:DBCreds
Credential Target Type:oracle_database
Credential Username:JAMES
Credential Scope:instance
Credential Guid:9967E027F13E4CC2E0530BAB050A9877
Credential Stripe:TARGETS
Instance Target Name:RACTEST
Instance Target Type:rac_database
Credential Columns:
DBPassword=******
DBRole=normal
DBUserName=JAMES
8)Deletes an existing named credential.
$ emcli delete_named_credential -cred_name=NC_G_RACTEST_JAMES
Credential deleted.
$ emcli delete_named_credential -cred_name=NC_RACTEST_JAMES \
-cred_owner=sysman
Credential deleted.
9)Help.
$emcli help create_named_credential
$ emcli help get_named_credential
Make DBA Life Easy 