Using encrypted credentials in WLST

Peter Lorenzen
02/01-2011

Welcome to my blog. It has been underway in several years but now it is finally here :-)
I will start out with a series of short posts about WLST. I have recently written a bunch of scripts and these tips would have saved me some time had a known them beforehand.

You can connect to a running Weblogic server like this:

. /app/oracle/domains/wlsTestDomain/bin/setDomainEnv.sh
java weblogic.WLST
connect(username='weblogic', password='mypw', url='t3://testwls01:7001')

But if you are writing a script you don’t really want to store a clear text password. Instead you can encrypt the user name and password:

. /app/oracle/domains/wlsTestDomain/bin/setDomainEnv.sh
java weblogic.WLST
connect(username='weblogic', password='mypw', url='t3://testwls01:7001')
storeUserConfig(userConfigFile='/app/oracle/scripts/userconfig.secure',
                userKeyFile='/app/oracle/scripts/userkey.secure',
                nm='false')

This will save a file that contains the encrypted user name and password. The other file contains the key that is used when decrypting.

Now you can connect to the server like this:

. /app/oracle/domains/wlsTestDomain/bin/setDomainEnv.sh
java weblogic.WLST
connect(userConfigFile='/app/oracle/scripts/userconfig.secure',
        userKeyFile='/app/oracle/scripts/userkey.secure',
        url='t3://testwls01:7001')

This is of cause not a perfect solution and you must ensure that that they key file is kept secure. But it is much better than clear text passwords.

It is also possible to use this when connecting to a Node Manager:

nmConnect(username='nodemgr', password='mypw',
          domainName='wlsTestDomain', port='5556', nmType='plain')
storeUserConfig(userConfigFile='/app/oracle/scripts/userconfigNM.secure',
                userKeyFile='/app/oracle/scripts/userkeyNM.secure',
                nm='true')

Now connect using the key file:

nmConnect(userConfigFile='/app/oracle/scripts/userconfigNM.secure',
          userKeyFile='/app/oracle/scripts/userkeyNM.secure',
          domainName='wlsTestDomain', port='5556', nmType='plain')

Please be aware that the code snippets in this post has been formatted for easy reading and cannot be executed directly without reformatting!

{ 3 comments… read them below or add one }

Leave a Comment

Next post: