One of my blog readers asked me to write a sample EMCLI codes to create named credentials for Database. To be able to create a named credential, you need to know the target name (unless you create a global credential), target type and credential type associated with the target type. Let’s say I want to create a named credential for my database named “TESTDB”. First I need to login to our EM12c server, and list targets named “TESTDB”:
./emcli login -username=SYSMAN ./emcli get_targets -targets="TESTDB:%" Status ID Status Target Type Target Name 1 Up oracle_database TESTDB
The % sign after the TESTDB means any target type (be careful about the colon (:) symbol between target name and target type). So we know that our TESTDB is an “oracle_database”. I’m sure you will memorize most of the target types after you start to work with EMCLI but I still prefer to check them before executing commands. Now we need to get the credential types (and their attributes) associated with “oracle_database”:
./emcli show_credential_type_info -target_type=oracle_database
Target Type Cred Type Name Cred Type Column Name Key Column
oracle_database DBCreds DBPassword No
DBRole No
DBUserName Yes
DBHostCreds HostPassword No
HostUserName Yes
DBKerberosCreds DBKerberosPassword No
DBKerberosUserName Yes
HostSSHCreds SSH_PUB_KEY No
SSH_PVT_KEY No
USERNAME Yes
As you can see, we can use 4 credential types for an Oracle (standalone) database. In fact, RAC databases have same credential types but you should enter “rac_database” instead of “oracle_database” while creating credentials for RAC databases. Anyway here’s the code to create a named credential for SYS user:
./emcli create_named_credential -auth_target_type=oracle_database \ -cred_scope=Instance -target_type=oracle_database \ -target_name=TESTDB -cred_type=DBCreds -cred_name=TEST_CRED \ -attributes="DBUserName:SYS;DBPassword:yourpassword;DBRole:SYSDBA"
Auth_target_type parameter is the target type which you want to create a named credential for. Cred_type is one of types associated with the target type. Cred_name is the name of the credential. You enter key/values of the credential as the attributes parameters. Cred_scope identifies if the credential is global or for an instance. Default value of cred_scope is “global”. If you want to create a global DB credential which can be used with any Oracle database on your system, you need to remove “cred_scope, target_type, target_name” parameters:
./emcli create_named_credential -auth_target_type=oracle_database \ -cred_type=DBCreds -cred_name=TEST_CRED \ -attributes="DBUserName:SYS;DBPassword:yourpassword;DBRole:SYSDBA"
I intentionally break the command to multiple lines, so it can fit to my blog page. You can write them in one line. It’s also possible to write these parameters into a text file, and make EMCLI read the parameters from the file:
cat named.txt auth_target_type=oracle_database cred_scope=Instance target_type=oracle_database target_name=TESTDB cred_type=DBCreds cred_name=TEST_CRED attributes=DBUserName:SYS;DBPassword:yourpassword;DBRole:SYSDBA ./emcli create_named_credential -properties_file=named.txt
If you add -test parameter, you can also test it. In this case, if the credential is not valid, it won’t be created:
./emcli create_named_credential -properties_file=named.txt -test
Create_named_credential function of EMCLI has more options, you can find more details using help system:
./emcli help create_named_credential