Using encrypted credentials in WLST

Peter Lorenzen
02/01-2011

Welcome to my blog. It has been underway in several years but now it is finally here 🙂
I will start out with a series of short posts about WLST. I have recently written a bunch of scripts and these tips would have saved me some time had a known them beforehand.

You can connect to a running Weblogic server like this:

. /app/oracle/domains/wlsTestDomain/bin/setDomainEnv.sh
java weblogic.WLST
connect(username='weblogic', password='mypw', url='t3://testwls01:7001')

But if you are writing a script you don’t really want to store a clear text password. Instead you can encrypt the user name and password:

. /app/oracle/domains/wlsTestDomain/bin/setDomainEnv.sh
java weblogic.WLST
connect(username='weblogic', password='mypw', url='t3://testwls01:7001')
storeUserConfig(userConfigFile='/app/oracle/scripts/userconfig.secure',
                userKeyFile='/app/oracle/scripts/userkey.secure',
                nm='false')

This will save a file that contains the encrypted user name and password. The other file contains the key that is used when decrypting.

Now you can connect to the server like this:

. /app/oracle/domains/wlsTestDomain/bin/setDomainEnv.sh
java weblogic.WLST
connect(userConfigFile='/app/oracle/scripts/userconfig.secure',
        userKeyFile='/app/oracle/scripts/userkey.secure',
        url='t3://testwls01:7001')

This is of cause not a perfect solution and you must ensure that that they key file is kept secure. But it is much better than clear text passwords.

It is also possible to use this when connecting to a Node Manager:

nmConnect(username='nodemgr', password='mypw',
          domainName='wlsTestDomain', port='5556', nmType='plain')
storeUserConfig(userConfigFile='/app/oracle/scripts/userconfigNM.secure',
                userKeyFile='/app/oracle/scripts/userkeyNM.secure',
                nm='true')

Now connect using the key file:

nmConnect(userConfigFile='/app/oracle/scripts/userconfigNM.secure',
          userKeyFile='/app/oracle/scripts/userkeyNM.secure',
          domainName='wlsTestDomain', port='5556', nmType='plain')

Please be aware that the code snippets in this post has been formatted for easy reading and cannot be executed directly without reformatting!

{ 3 comments… read them below or add one }

Kapil October 13, 2011 at 14:24

Thanks Peter, it really helped me connecting with the config and key file, with out sending username and password as clear text format.

Peter Lorenzen October 13, 2011 at 14:45

Glad to hear it help you

fishwet January 5, 2012 at 11:59

Hello,

Thanks the article was informative, initially i got a keyword syntax error from WLST , after referring to this set up following domain after userKey it`s fine.

Keep the good posts.

Cheers

Leave a Comment

Next post: