securityconfig
A KVStore can be configured securely. In a secure configuration, network
communications between NoSQL clients, utilities, and NoSQL server components are
encrypted using SSL/TLS, and all processes must authenticate themselves to the
components to which they connect. To set up security when configuring a KVStore, you
need to create an initial security configuration. To do this, run the securityconfig tool
before, after, or as part of the makebootconfig process. You should not create a
security configuration at each node. Instead, you should distribute the initial security
configuration across all the Storage Nodes in your store. If the stores do not share a
common security configuration they will be unable to communicate with one
another.
java -Xmx64m -Xms64m -jar lib/kvstore.jar securityconfig
Various commands used in the securityconfig tool:
- config create
- config add-security
- config verify
- config update
- config merge-trust
- config show
- config remove-security
You invoke the config create command to create the security configuration.
Use the config create command with the -pwdmgr option to specify the mechanism
used to hold the password that is needed for accessing the store. In the example
below, Oracle Wallet is used.
security-> config create -pwdmgr wallet -root KVROOT
Enter a password for your store and then reenter it for verification. The configuration tool will automatically generate some security-related files.
For more information on the config create command, see Creating the security configuration.
Use the config add-security command to add the security configuration you just
created.
security-> config add-security -root KVROOT -secdir security -config config.xml
You can use the config verify command to verify the consistency and correctness
of the security configuration.
security-> config verify -secdir <security dir>
You can use the config update command to update the security parameters of a security
configuration. You can specify a list of security parameters to update.
security-> config update -secdir <security dir> [-param <param=value>]*
You can use the config merge-trust command to merge truststore entries from one security
configuration into another security configuration. This command is helpful when
performing security maintenance, particularly when you need to update the SSL
key/certificate. You can specify a list of parameters which includes the directory that
contains the security configuration that will be updated (secroot) and the directory
that contains the security configuration that will provide new trust information.
security-> config merge-trust -root <secroot>
    [-secdir <security dir>] -source-root <source secroot>
    [-source-secdir <source secdir>] [-ctspwd <client.trust password>]
You can use the config show command to print out all security configuration
information.
security-> config show -secdir <security dir>
If you want to disable security for some reason in an existing installation, you can use
the config remove-security command.
security-> config remove-security -root <kvroot> [-config <config.xml>]
For more information on configuring security using the securityconfig tool, see Configuring Security with securityconfig.
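
The introduction requires every Storage Node to hold the same distributed security configuration. The script below is an added example, not part of the Oracle NoSQL distribution or its documentation, that compares a node's copy of the security directory against the reference copy by SHA-256 digest. The function names, the script name and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm that a Storage Node's copy of the security directory
# matches the reference copy created once by securityconfig.

# Pick whichever SHA-256 tool this host provides.
sha256_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then echo "sha256sum"
    elif command -v shasum >/dev/null 2>&1; then echo "shasum -a 256"
    else echo "no SHA-256 tool found" >&2; return 2
    fi
}

# secdir_manifest DIR: print "digest  ./relative/path" per file, sorted by path.
secdir_manifest() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    sum_cmd=$(sha256_cmd) || return 2
    ( cd "$1" && find . -type f -exec $sum_cmd {} + | LC_ALL=C sort -k2 )
}

# secdir_compare REF COPY: 0 = identical, 1 = differs, 2 = cannot check.
# On a mismatch the changed, missing or extra paths are written to stderr.
secdir_compare() {
    ref=$(secdir_manifest "$1") || return 2
    copy=$(secdir_manifest "$2") || return 2
    [ "$ref" = "$copy" ] && return 0
    # Lines present in only one manifest mark the files that differ.
    printf '%s\n%s\n' "$ref" "$copy" | LC_ALL=C sort | uniq -u |
        sed 's/^[0-9a-f]*  *//' | LC_ALL=C sort -u >&2
    return 1
}

# secdir_demo: build constructed reference and node copies, alter one file in
# the node copy, and return what secdir_compare reports for them.
secdir_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/ref/security" "$tmp/node/security"
    # Constructed placeholder files, not real keystores or wallets.
    printf 'constructed-trust-A\n' > "$tmp/ref/security/trust.sample"
    printf 'constructed-params\n'  > "$tmp/ref/security/params.sample"
    cp "$tmp/ref/security/params.sample" "$tmp/node/security/"
    printf 'constructed-trust-B\n' > "$tmp/node/security/trust.sample"
    rc=0; secdir_compare "$tmp/ref/security" "$tmp/node/security" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh check_secdir.sh REFERENCE_SECDIR NODE_SECDIR
if [ "$#" -eq 2 ]; then secdir_compare "$1" "$2" && echo "match"; fi
```

A nonzero result after config update or config merge-trust has been run on the reference copy means the updated directory has not yet been redistributed to that node.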