How to hide passwords and account information in WLST scripts (WebLogic Server)

If you are worried about your password showing up in clear text in the startup scripts, you can use the storeUserConfig command to generate encrypted userconfigFile and a userKeyFile that you can then use in the „nmConnect“ and „connect“ command.

Place there two files on the protected place and decide to set right permissions

Create storeUserConfig for the Node Manager

Start wlst via the shell script $ORACLE_HOME/oracle_common/common/bin/wlst.sh:

/u01/app/oracle/product/FMW/Oracle_Home/oracle_common/common/bin/wlst.sh

Connect to Node Manager (important note: the Node Manager must be running!):

nmConnect('nodemgr','welcome1','host03.example.com','5556','forms_domain','/u01/app/oracle/user_projects/domains/forms_domain')

Connect to the Admin Server (important note: the Admin Server must be running):

connect('weblogic','welcome1','t3://host03.example.com')

Store the login information of the Node Manager Administrator.

In this example we will create two files to store the logon information of Node Manager Administrator:

wlst> storeUserConfig('/u01/app/oracle/user_projects/domains/forms_domain/userNMConfigFile','/u01/app/oracle/user_projects/domains/forms_domain/userNMKeyFile',nm='true')

Now you are able to use store files instead of username and password in the nmConnect command:

nmConnect(userConfigFile='/u01/app/oracle/user_projects/domains/forms_domain/userNMConfigFile',userKeyFile='/u01/app/oracle/user_projects/domains/forms_domain/userNMKeyFile',host='host03.example.com',port='5556',domainName='forms_domain',domainDir='/u01/app/oracle/user_projects/domains/forms_domain')

Create storeUserConfig for the weblogic Administrator

Create userconfigFile and a userKeyFile that you can then use in the „connect“ command:

Start wlst via the shell script $ORACLE_HOME/oracle_common/common/bin/wlst.sh:

/u01/app/oracle/product/FMW/Oracle_Home/oracle_common/common/bin/wlst.sh

Connect to the Admin Server (important note: the Admin Server must be running):

connect('weblogic','welcome1','t3://host03.example.com')

Store the Password of the WebLogic User in the Store File:

wlst> storeUserConfig('/u01/app/oracle/user_projects/domains/forms_domain/userWLSConfigFile','/u01/app/oracle/user_projects/domains/forms_domain/userWLSKeyFile',nm='false')

Now you are able to use store files instead of username and password in the connect command:

connect(userConfigFile='/u01/app/oracle/user_projects/domains/forms_domain/userWLSConfigFile',userKeyFile='/u01/app/oracle/user_projects/domains/forms_domain/userWLSKeyFileadm',url='t3://host03.example.com:7001')

Script Examples

Example 1: Start Admin Server via WLST without Node Manager:

connect(userConfigFile='/u01/app/oracle/user_projects/domains/forms_domain/userWLSConfigFile',userKeyFile='/u01/app/oracle/user_projects/domains/forms_domain/userWLSKeyFile',url='t3://host03.example.com:7001')
startServer('AdminServer')

Example 2: Start Admin Server via WLST and Node Manager:

nmConnect(userConfigFile='/u01/app/oracle/user_projects/domains/forms_domain/userNMConfigFile',userKeyFile='/u01/app/oracle/user_projects/domains/forms_domain/userNMKeyFile',host='host03.example.com',port='5556',domainName='forms_domain',domainDir='/u01/app/oracle/user_projects/domains/forms_domain')
nmStart ('AdminServer')
Advertisements

Autor: Neselovskyi, Borys

Oracle Database / Middleware / Engineered System Solution Architect

3 Kommentare zu „How to hide passwords and account information in WLST scripts (WebLogic Server)“

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden / Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s