Creating an instance by using database key pair authentication
You can create a CDC Replication instance by using key pair authentication starting with version 11.4.0.4-5694.
Prerequisites
Normally you need a database username, a private key file, and a private key file password (if the key is encrypted) to perform key pair authentication. The actual parameters and parameter names vary based on the target database and JDBC driver. Refer to the respective database and JDBC driver documentation for the exact connection properties that are required and that must be loaded in the user exit program.
You should be able to create a Java™-based CDC Replication user exit to retrieve database credentials from the external secret store of your choice. For example, the user exit that you develop might retrieve keys from container storage on a cloud, and retrieve the passphrase from an external secrets store. All the credentials that are required for creating the CDC Replication instance must be loaded in the user exit. CDC Replication retrieves these credentials by using the user exit to establish the connection to the database.
Only Java-based user exits are allowed. Meet all the conditions of implementing the CDC Replication Java user exit and implement the methods that are required to retrieve the credentials. CDC Replication is not responsible for any security incidents. When you use CDC Replication external APIs, it is your responsibility to copy the required APIs or JAR file with the Java 8 compiled version of the user exit to the installation-directory/lib directory.
Using database key pair authentication
To create an instance successfully when you use key pair authentication, follow these guidelines:
- Create a Java user exit class to provide CDC Replication with the credentials that are required for database authentication.
- Compile with Java 8. See Compiling the Java class sample user exits (UNIX and Linux®) for more information.
- Copy the compiled user exit class file to the lib folder of the CDC Replication installation directory.
- The Java user exit implements the loadSecretsAsMap() method to get all parameters and their values.
- A sample user exit is available in the CDC Replication installation-directory/sample directory.
- The CDC Replication instances use connection properties that are fetched through the user exit to create a successful database connection.
When you are creating an instance, choose n when asked whether to retrieve credentials from an external secret store through a Java user exit during instance configuration and y when asked whether to configure external key pair authentication through a Java user exit. Provide the user exit class name when prompted and follow the documentation for instance creation.
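The following class is an added example, not IBM's sample user exit. It sketches the credential-loading side of the guidelines above in Java 8: it refuses a private key file that group or other users can access, and it returns only the properties that are present. Assumptions: the Map<String, String> return type of loadSecretsAsMap(), the environment variables (which stand in for your secret store client), and the placeholder property names. The interface that the real user exit must implement is in the sample under installation-directory/sample.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.HashMap;
import java.util.Map;

// Added example. The CDC Replication user exit interface is not shown on this
// page, so this class stands alone; the return type below is an assumption.
public class KeyPairSecretsExit {

    // Hypothetical environment variable names chosen for this example.
    static final String ENV_USER = "CDC_DB_USER";
    static final String ENV_KEY_FILE = "CDC_DB_PRIVATE_KEY_FILE";
    static final String ENV_KEY_PASS = "CDC_DB_PRIVATE_KEY_PASSPHRASE";

    public Map<String, String> loadSecretsAsMap() throws IOException {
        // Resolve symlinks so the permission check applies to the real file.
        Path keyFile = Paths.get(require(ENV_KEY_FILE)).toRealPath();
        // POSIX only (UNIX and Linux): reject keys readable beyond the owner.
        for (PosixFilePermission p : Files.getPosixFilePermissions(keyFile)) {
            if (p.name().startsWith("GROUP_") || p.name().startsWith("OTHERS_")) {
                throw new SecurityException("private key file permissions too open: " + p);
            }
        }
        Map<String, String> secrets = new HashMap<>();
        // Placeholder keys: replace them with the connection property names that
        // the target database's JDBC driver documents for key pair authentication.
        secrets.put("<user-property>", require(ENV_USER));
        secrets.put("<private-key-file-property>", keyFile.toString());
        String pass = System.getenv(ENV_KEY_PASS); // absent when the key is unencrypted
        if (pass != null && !pass.isEmpty()) {
            secrets.put("<private-key-password-property>", pass);
        }
        return secrets;
    }

    private static String require(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return value;
    }

    public static void main(String[] args) throws IOException {
        // Print only the property names, never the secret values.
        System.out.println(new KeyPairSecretsExit().loadSecretsAsMap().keySet());
    }
}
```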