Creating an instance by using database key pair authentication

You can create a CDC Replication instance by using key pair authentication starting with version 11.4.0.4-5694.

Prerequisites

To perform key pair authentication you normally need a database user name, a private key file, and the private key file password (if the key is encrypted). The actual parameters and their names vary with the target database and JDBC driver. Refer to the respective database and JDBC driver documentation for the exact connection properties that are required, because these are the properties that the user exit program must load.

You must be able to create a Java™-based CDC Replication user exit that retrieves the database credentials from the external secret store of your choice. For example, the user exit that you develop might retrieve the key from container storage on a cloud and the passphrase from an external secrets store. All the credentials that are required for creating the CDC Replication instance must be loaded in the user exit; CDC Replication calls the user exit to retrieve them and uses them to establish the connection to the database. Only Java-based user exits are allowed. Meet all the conditions for implementing a CDC Replication Java user exit and implement the methods that are required to retrieve the credentials. CDC Replication is not responsible for any security incidents. When you use CDC Replication external APIs, it is your responsibility to copy the required API classes or JAR file, compiled with the same Java version as the user exit, to the installation-directory/lib directory.

Using database key pair authentication

To create an instance successfully with key pair authentication, follow these guidelines:

  1. Create a Java user exit class that provides CDC Replication with the credentials that are required for database authentication.
  2. Compile the user exit with the same JVM version that CDC Replication runs on. See Compiling the Java class sample user exits (UNIX and Linux®) for more information.
  3. Copy the compiled user exit class file to the lib folder of the CDC Replication installation directory (installation-directory/lib).
  4. The Java user exit provides the keys and values through the loadSecretsAsMap method, which must return a Map. If the database driver needs strictly typed values, such as a PrivateKey object, the user exit provides them through a second method, loadSecretsAsMapObjects. Implement loadSecretsAsMapObjects only if the user exit must return a strictly typed value, such as <String, PrivateKey>; in all other cases this method must not appear in the user exit.
    Note: Make sure that the user exit class is in the package com.datamirror.ts.external.keystore and that you provide the fully qualified class name, so that the class can be loaded during instance creation.
  5. A sample user exit is available in the CDC Replication installation-directory/sample directory.
  6. The CDC Replication instance uses the connection properties that are fetched through the user exit to establish the database connection.
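The following class is an added example of such a user exit; it is not the product's sample and not code from the page. It assumes that CDC Replication loads the class by its fully qualified name and calls loadSecretsAsMap (and loadSecretsAsMapObjects when that method is present); the product interface the class must implement is not shown on this page and has to be taken from the sample in installation-directory/sample. The environment variable names, the connection property names (user, private_key_file, private_key_file_pwd, privateKey) and the PKCS#8 PEM key format are assumptions for illustration; use the property names that your JDBC driver documents. In a real deployment the lookups would call the secret store's SDK instead of System.getenv.

```java
package com.datamirror.ts.external.keystore;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/*
 * Added example user exit (not the product's own sample). Assumption: CDC
 * Replication instantiates this class by name and calls the two methods
 * below. Add "implements <product user exit interface>" from the shipped
 * sample; that interface is not shown on the documentation page.
 */
public class EnvKeyPairUserExit {

    // Hypothetical environment variable names, set for the CDC process only.
    private static final String USER_ENV = "CDC_DB_USER";
    private static final String KEY_FILE_ENV = "CDC_DB_KEY_FILE";         // PKCS#8 PEM file
    private static final String PASSPHRASE_ENV = "CDC_DB_KEY_PASSPHRASE"; // only if the key is encrypted
    private static final String KEY_ALG_ENV = "CDC_DB_KEY_ALG";           // "RSA" (default) or "EC"

    /** String-only connection properties; the driver decrypts the key file itself.
     *  Property names are illustrative, use the ones the JDBC driver documents. */
    public Map<String, String> loadSecretsAsMap() {
        Map<String, String> props = new HashMap<>();
        props.put("user", require(USER_ENV));
        props.put("private_key_file", require(KEY_FILE_ENV));
        String passphrase = System.getenv(PASSPHRASE_ENV);
        if (passphrase != null && !passphrase.isEmpty()) {
            props.put("private_key_file_pwd", passphrase);
        }
        return props;
    }

    /** Typed variant: hands the driver a decoded java.security.PrivateKey.
     *  Delete this method entirely if the driver only takes string properties. */
    public Map<String, Object> loadSecretsAsMapObjects() throws IOException, GeneralSecurityException {
        Map<String, Object> props = new HashMap<>();
        props.put("user", require(USER_ENV));
        props.put("privateKey", readPrivateKey(require(KEY_FILE_ENV)));
        return props;
    }

    /** Decodes a PKCS#8 PEM key; an encrypted key is unwrapped with the passphrase. */
    static PrivateKey readPrivateKey(String path) throws IOException, GeneralSecurityException {
        String pem = new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.US_ASCII);
        boolean encrypted = pem.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----");
        if (!encrypted && !pem.contains("-----BEGIN PRIVATE KEY-----")) {
            throw new GeneralSecurityException("expected a PKCS#8 PEM private key in " + path);
        }
        // Strip the PEM armour lines; the MIME decoder ignores the line breaks.
        byte[] der = Base64.getMimeDecoder().decode(pem.replaceAll("-----[A-Z ]+-----", ""));
        PKCS8EncodedKeySpec spec;
        if (encrypted) {
            String pw = System.getenv(PASSPHRASE_ENV);
            if (pw == null || pw.isEmpty()) {
                throw new GeneralSecurityException(PASSPHRASE_ENV + " is required for an encrypted key");
            }
            char[] chars = pw.toCharArray();
            try {
                EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(der);
                SecretKeyFactory skf = SecretKeyFactory.getInstance(epki.getAlgName());
                SecretKey pbeKey = skf.generateSecret(new PBEKeySpec(chars));
                spec = epki.getKeySpec(pbeKey); // which PBE schemes work depends on the JDK version
            } finally {
                Arrays.fill(chars, '\0');       // do not leave the passphrase in the heap longer than needed
            }
        } else {
            spec = new PKCS8EncodedKeySpec(der);
        }
        String alg = System.getenv(KEY_ALG_ENV);
        return KeyFactory.getInstance(alg == null || alg.isEmpty() ? "RSA" : alg).generatePrivate(spec);
    }

    private static String require(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value;
    }
}
```

Compile it with the same JDK that CDC Replication runs on, for example `javac -d installation-directory/lib EnvKeyPairUserExit.java`, which places the class under the com/datamirror/ts/external/keystore directory of lib so that the fully qualified name resolves at instance creation. Keep loadSecretsAsMapObjects only when the driver needs the PrivateKey object; if the driver accepts a key file and passphrase as strings, remove the method and let the driver do the decryption, which keeps the key material out of the user exit. Decoding an encrypted PKCS#8 key with the JDK alone relies on the JDK supporting the PBE scheme the key was encrypted with, so test with the actual key before rollout.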

When you create the instance, answer n when you are asked whether to retrieve credentials from an external secret store through a Java user exit, and y when you are asked whether to configure external key pair authentication through a Java user exit. Provide the user exit class name when prompted, and follow the instance creation documentation for the remaining steps.