By default, Guardium® uses
a password for GBDI file extraction. Use this procedure to configure a key pair authentication
instead of a password. You upload the file to the central manager, and from there distribute it to
the relevant managed units.
About this task
Upload the key file to the central manager if you want to distribute it to managed units. You can
upload it to an individual managed unit, but cannot distribute it from there to other managed units.
When you upload the file to the Guardium
system, it is deleted from the file server.
Procedure
-
Upload the key to the file server.
- On the central manager, upload the key file to all managed units with
the GuardAPI command copy_key_file, for example:
grdapi copy_key_file fileName="/opt/IBM/Guardium/log/key-file" all="true"
The central manager copies (by SCP) the key file to all managed units, copies the
file to the central manager, and deletes it from the file server. At the end it returns a list of
all managed units with the status of the grdapi execution for each. If a unit is down, its status is
failed.
- For GBDI using data marts: Update the copy_file details with the GuardAPI
command datamart_update_copy_file_info, for example:
grdapi datamart_update_copy_file_info destinationHost=<server name> destinationPassword="file:key-file" destinationPath=<path> destinationUser=<user> Name="<datamart name>" transferMethod="SCP"
- If distribution to a managed unit failed, upload the key to the file server on this unit
and run the GuardAPI command copy_key_file on that unit.
grdapi copy_key_file fileName="<keyFile.key>"
- To install a new key file, repeat steps 1, 2, and 3.
Results
The key file is used for file transfer, instead of a password.