OKM - How to embed the password or passphrase within the 'okm listauditevents' command in the OKM CLI

Asset ID:	1-71-1917157.1
Update Date:	2014-08-19
Keywords:

Solution Type Technical Instruction Sure

Solution 1917157.1 : OKM - How to embed the password or passphrase within the 'okm listauditevents' command in the OKM CLI

Applies to:

Oracle Key Manager - Version 2.0.0 to 3.0 [Release 2.0 to 3.0]
Information in this document applies to any platform.

Goal

Is there a way to embed the password or passphrase within the 'okm listauditevents' command in the KMA CLI?
Is there a way to automate the 'okm listauditevents' command and at the same time limit its usage to authorized users?

Solution

The 'okm' command utility can use X.509 certificates for authentication instead of using a username and passphrase.
If the username option is invoked in the 'okm listauditevents' command, the user will be prompted to enter a passphrase.
Note: The user ID and the certificate options ( --cacert and --usercert ) cannot be used in the okm command at the same time. These options are mutually exclusive.

Example 1. The following example lists audit events using X.509 certificates for authentication

okm listauditevents -k mykma1 --directory=C:\KMS\Certificates --output=C:\KMS\KMSAuditEvents

  Note: In the example above, the Root CA and client PEM certificates are saved in C:\KMS\Certificates directory.
  See the OKM admin guide, http://docs.oracle.com/cd/E50985_01/en/E41579/E41579_02.pdf , PDF page 83, on how to export the OKM certificate files to the desktop
where the 'okm' command will be invoked.

Example 2. The following example lists audit events using the user ID of an OKM user for authentication. (The user will be prompted to enter the passphrase.)

okm listauditevents -k mykma1 -b Joe -f "Severity=Error" --output=D:\KMS\KMSAuditEvents

A complete description of the 'okm' command and its usage can be found in the OKM admin guide.

Attachments

This solution has no attachment