Using EMCLI to Create Named Credentials

One of my blog readers asked me to write a sample EMCLI codes to create named credentials for Database. To be able to create a named credential, you need to know the target name (unless you create a global credential), target type and credential type associated with the target type. Let’s say I want to create a named credential for my database named “TESTDB”. First I need to login to our EM12c server, and list targets named “TESTDB”:

The % sign after the TESTDB means any target type (be careful about the colon (:) symbol between target name and target type). So we know that our TESTDB is an “oracle_database”. I’m sure you will memorize most of the target types after you start to work with EMCLI but I still prefer to check them before executing commands. Now we need to get the credential types (and their attributes) associated with “oracle_database”:

As you can see, we can use 4 credential types for an Oracle (standalone) database. In fact, RAC databases have same credential types but you should enter “rac_database” instead of “oracle_database” while creating credentials for RAC databases. Anyway here’s the code to create a named credential for SYS user:

Auth_target_type parameter is the target type which you want to create a named credential for. Cred_type is one of types associated with the target type. Cred_name is the name of the credential. You enter key/values of the credential as the attributes parameters. Cred_scope identifies if the credential is global or for an instance. Default value of cred_scope is “global”. If you want to create a global DB credential which can be used with any Oracle database on your system, you need to remove “cred_scope, target_type, target_name” parameters:

I intentionally break the command to multiple lines, so it can fit to my blog page. You can write them in one line. It’s also possible to write these parameters into a text file, and make EMCLI read the parameters from the file:

If you add -test parameter, you can also test it. In this case, if the credential is not valid, it won’t be created:

Create_named_credential function of EMCLI has more options, you can find more details using help system:

Please share
  •  
  •  
  •  
  • 1
  •  
  •  
  •  

Gokhan Atil is a database administrator who has hands-on experience with both RDBMS and noSQL databases, and strong background on software development. He is certified as Oracle Certified Professional (OCP) and is awarded as Oracle ACE (in 2011) and Oracle ACE Director (in 2016) for his continuous contributions to the Oracle users community.

3 Comments

  1. AlexanderP

    Hello

    how can I create auth_target_type=oracle_database with OS ?Authentication, something like:
    cat named.txt

    auth_target_type=oracle_database
    cred_scope=Instance
    target_type=oracle_database
    target_name=TESTDB
    cred_type=DBCreds
    cred_name=TEST_CRED
    attributes=DBUserName:ops$oracle;DBRole:NORMAL

    ./emcli create_named_credential -properties_file=named.txt

  2. Dear Gokhan,

    thanks for your blogpost, the information is very much appreciated which you have presented here.

    Please note that the EM 13.2 Database Lifecycle Management procedure to “Upgrade Oracle Database” does make a string comparison which is case-sensitive in the “Upgrades Oracle Database Instance” step. You can see the comparison details in the /oracle/…/cfgtoollogs/rconfig/rconfig_<TIMESTAMP>.log.

    Please update DBRole:SYSDBA to DBRole:sysdba in your example attributes to make it work for both common Database Login (working case-insensitive) and the LCM Database Upgrade Provisioning Procedure.

    Kind regards,

    Stefan Thieme

    • Gokhan Atil

      Thank you Stefan for the valuable information. I updated the example.

Leave Comment

Your email address will not be published. Required fields are marked *