Creating and managing credentials

Edit online

You can create and manage credentials for data sources that are used in the data source profiles by using central manager or APIs.

Managing credentials by using central manager

12.1 and later This feature is available in 12.1 and later versions of GuardiumĀ®.

  1. In Guardium Data Protection central manager, or stand-alone system, click Manage > Universal Connector > Credential Management.
  2. To create new credentials, click new add icon and enter the following details.
    Tip: You can use the same credentials for multiple profiles.

    The Credential Management table displays the credential details. When you hover over the Used in profile column, it displays the names of the data source profiles in which the credentials are used. To search credentials by name, enter the credential name in the Filter field.

    Table 1. Managing credential parameters
    Parameters Description
    Name Enter the name of the data source connection.
    Description Enter the data source description.
    Credential type
    Select one of the following credential types:
    • AWS access key ID and AWS secret access key
    • AWS role ARN
    • Service account JSON key file
    • JDBC username and JDBC password
    • JDBC username, JDBC password, and TLS CA certificate
    • Public-key and private key
    		 Enter the details according to the type of credential that you selected.
    Restriction:
    • The Kerberos feature is available on Guardium Data Protection 12.1 with bundle 12.0p120 and universal connector patch 12.p5002 and later versions.
    • Kerberos credentials are supported only for OUA over JDBC connect 2.0 and OUA MultiTenant over JDBC connect 2.0 plug-ins. Kerberos credentials can be configured by using either Kerberos username and password or a Keytab file.
    Table 2. Kerberos password login parameters
    Parameters Description
    Kerberos configuration file The client configuration file of Kerberos, for example krb5.conf. Click the Add icon new to upload the file. For more information, see Configuring Kerberos.
    Kerberos Username Enter the Kerberos username to authenticate the user.
    Kerberos Password Enter the Kerberos password to authenticate the user.
    Table 3. Kerberos Keytab login parameters
    Parameters Description
    Kerberos configuration file The client configuration file of Kerberos, for example krb5.conf. Click new add icon to upload the file. For more information, see Configuring Kerberos.
    Kerberos Username Enter the Kerberos username to authenticate the user.
    Kerberos Keytab A keytab is a file with pairs of Kerberos principals and encrypted keys that are derived from the Kerberos password. For more information, see Kerberos Keytab. Click new add icon to upload the file.

Managing credentials by using API

You can manage universal connector credentials by using APIs.

12.2.2 and later This feature is available in 12.2.2 and later versions of Guardium.

Use the following APIs to create, delete, retrieve, and update credentials for data source connections.