Create Named Credentials by Using emcli

In order to create a named credential, you need to know:

Target name (unless you create a global credential)
Target type
Credential type associated with the target type

Now we start to create a named credential for cluster database ( RACTEST ) user ( JAMES).

1) To get TARGET_TYPE from TARGET_NAME. Normally we know a couple of target_type from daily emcli practice.

$ emcli get_targets -targets="RACTEST:%"

Status ID Status Target Type  Target Name
1         Up     rac_database  RACTETS

2) To get the credential types (and their attributes) associated with “rac_database”.

$ emcli show_credential_type_info -target_type=rac_database
Target Type  Cred Type Name      Cred Type Column Name Key Column
rac_database DBCreds             DBPassword            No
                                 DBRole                No
                                 DBUserName            Yes
             DBHostCreds         HostPassword          No
                                 HostUserName          Yes
             DBKerberosCreds     DBKerberosPassword    No
                                 DBKerberosUserName    Yes
             DBPkiCreds          DBPkiUserWallet       Yes
                                 DBPkiUserWalletPassword No
                                 DBPkiUserWalletType   No
             HostSSHCreds        SSH_PUB_KEY           No
                                 SSH_PVT_KEY           No
                                 USERNAME              Yes

We can see target type rac_database has four credential types. we will use credential type DBCreds in the following steps.

3) Create named credential for JAMES user of the RAC database.

$emcli create_named_credential -auth_target_type=rac_database \
 -cred_scope=Instance -target_type=rac_database \
-target_name=RACTEST -cred_type=DBCreds -cred_name=NC_RACTEST_JAMES \
-attributes="DBUserName:JAMES;DBPassword:yourpasswd" -test

Credential NC_RACTEST_JAMES created.

Here “-test” to test the credential before saving.

If you want to create a global named credential, just remove “cred_scope, target_type, target_name” parameters.

$emcli create_named_credential -auth_target_type=rac_database \
      -cred_type=DBCreds -cred_name=NC_G_RACTEST_JAMES \
      -attributes="DBUserName:JAMES;DBPassword:yourpasswd" 

Credential NC_G_RACTEST_JAMES created.

4) Test a named credential.

a) Instance named credential.

$ emcli test_named_credential -cred_names=NC_RACTEST_JAMES
Credentials "NC_RACTEST_JAMES:SYSMAN" tested successfully

b) Global named credential. target_name and target_type are required for testing global named credential.

$ emcli test_named_credential -cred_names=NC_G_RACTEST_JAMES
  -target_name=RACTEST -target_type=rac_database

Credentials "NC_G_RACTEST_JAMES:SYSMAN" tested successfully

c) Global named credential can be used for both rac cluster database or its instances, while instance credential can only work for the attached target.

$ emcli test_named_credential -cred_names=NC_G_RACTEST_JAMES \
         -target_name=RACTEST_RACTEST1 -target_type=oracle_database
Credentials "NC_G_RACTEST_JAMES:SYSMAN" tested successfully

$ emcli test_named_credential -cred_names=NC_RACTEST_JAMES \
 -target_name=RACTEST_RACTEST1 -target_type=oracle_database
Error: target_name and target_type options should be provided 
       only for Global credentials.

5) Modify named credentials. Here we assume user JAMES password has been changed, so the named credentials have to be modified accordingly.

— Global Named Credential.

$ emcli modify_named_credential -cred_name=NC_G_RACTEST_JAMES  \
        -attributes="DBUserName:JAMES;DBPassword:NewPasswd"
Credential updated.

$ emcli test_named_credential -cred_names=NC_G_RACTEST_JAMES 
        -target_name=RACTEST -target_type=rac_database
Credentials "NC_G_RACTEST_JAMES:SYSMAN" tested successfully

— Instance Named Credential

$ emcli modify_named_credential -cred_name=NC_RACTEST_JAMES 
  -attributes="DBUserName:JAMES;DBPassword:NewPasswd"
Credential updated.

$ emcli test_named_credential -cred_names=NC_RACTEST_JAMES
Credentials "NC_RACTEST_JAMES:SYSMAN" tested successfully

6) List named credentials.

$emcli list_named_credentials 

Credential Name     Credential Owner  Authenticating target type.  Cred Type Name  Target Name   Target Username
NC_G_RACTEST_JAMES  SYSMAN            oracle_database              DBCreds                       JAMES
NC_RACTEST_JAMES    SYSMAN            oracle_database              DBCreds         RACTEST       JAMES
...
..
.

7) Displays named credential details.

$ emcli get_named_credential -cred_name=NC_G_RACTEST_JAMES
Credential Name:NC_G_RACTEST_JAMES
Credential Owner:SYSMAN
Credential Type:DBCreds
Credential Target Type:oracle_database
Credential Username:JAMES
Credential Scope:global
Credential Guid:996809C30D3F08A6E0530BAB050AEA55
Credential Stripe:TARGETS
Credential Columns:
DBPassword=******
DBRole=normal
DBUserName=JAMES

$ emcli get_named_credential -cred_name=NC_RACTEST_JAMES
Credential Name:NC_RACTEST_JAMES
Credential Owner:SYSMAN
Credential Type:DBCreds
Credential Target Type:oracle_database
Credential Username:JAMES
Credential Scope:instance
Credential Guid:9967E027F13E4CC2E0530BAB050A9877
Credential Stripe:TARGETS
Instance Target Name:RACTEST
Instance Target Type:rac_database
Credential Columns:
DBPassword=******
DBRole=normal
DBUserName=JAMES

8)Deletes an existing named credential.

$ emcli delete_named_credential -cred_name=NC_G_RACTEST_JAMES
Credential deleted.

$ emcli delete_named_credential -cred_name=NC_RACTEST_JAMES \
                                -cred_owner=sysman
Credential deleted.

9)Help.