Creating an instance by using database credentials stored in an external secret store

Starting with Version 11.4.0.4-5629, you can create a CDC Replication instance by using database credentials that are stored in an external secret store. The external environment can include applications such as vaults or secret managers.

Prerequisites

  • The stored credentials must have a minimum of read access.
  • You should be able to create a Java-based CDC Replication user exit to allow CDC Replication to retrieve the database credentials from the external secret store.
  • Only Java-based user exits are allowed.
  • You must meet all the conditions of implementing the CDC Replication Java user exit and implement the methods that are required to retrieve the credentials.
  • All the credentials that are required for creating the CDC Replication instance should be added to the external secret store. CDC Replication retrieves the credentials by using the user exit.
  • You can use internal APIs to retrieve the credentials in the Java user exit. CDC Replication is not responsible for any security incidents. When you use CDC Replication external APIs, it is your responsibility to copy the required APIs or jar files, together with the Java 8 compiled version of the user exit, to the installation-directory/lib directory.

Using an external secret store

To create an instance successfully when you use an external secret store, follow these guidelines:

  • Create a Java user exit class to provide CDC Replication with the credentials that are required for database authentication. You must compile with Java 8. See Compiling the Java class sample user exits (UNIX and Linux) for more information.
  • Copy the compiled user exit class file to the lib folder of the CDC Replication installation directory.
  • The Java user exit implements the loadSecretsAsMap method to get the external secret store keys and their values. A sample user exit is available in the CDC Replication installation-directory/sample directory.
  • The CDC Replication instances use database credentials that are fetched through the user exit to create a successful database connection.
  • When you create an instance, choose y when you are asked during instance configuration whether to retrieve credentials from an external secret store through a Java user exit. When prompted, provide the user exit class and the keys that correspond to the actual credentials, and then follow the documentation for instance creation.
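
The following sketch shows the shape of a user exit that returns credentials through loadSecretsAsMap and fails closed when the secret source is unsafe or incomplete. It is an added example, not the sample shipped in installation-directory/sample: the class name, the method signature, the key names, and the secrets file path are assumptions, and a local properties file stands in for the call to your vault or secret manager.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

// Hypothetical user exit (Java 8 syntax). The interface that CDC Replication
// requires is not reproduced here; take it from the shipped sample.
public class SecretStoreUserExit {
    // Assumed key names; use the keys you enter at the instance-creation prompt.
    private static final List<String> REQUIRED_KEYS = Arrays.asList("db.user", "db.password");
    // Assumed path of a file written by a vault agent (UNIX and Linux only).
    private static final Path SECRETS_FILE = Paths.get("/run/secrets/cdc-db.properties");

    // Assumed signature: returns secret store keys mapped to their values.
    public Map<String, String> loadSecretsAsMap() throws IOException {
        // Reject the file if anything beyond owner read/write is granted.
        for (PosixFilePermission p : Files.getPosixFilePermissions(SECRETS_FILE)) {
            if (p != PosixFilePermission.OWNER_READ && p != PosixFilePermission.OWNER_WRITE) {
                throw new IOException("Secrets file permissions too broad: " + SECRETS_FILE);
            }
        }
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(SECRETS_FILE)) {
            props.load(in);
        }
        Map<String, String> secrets = new HashMap<>();
        for (String key : REQUIRED_KEYS) {
            String value = props.getProperty(key);
            if (value == null || value.isEmpty()) {
                // Report the missing key name only, never a secret value.
                throw new IOException("Missing secret for key: " + key);
            }
            secrets.put(key, value);
        }
        // Callers get a read-only view so the values cannot be altered in place.
        return Collections.unmodifiableMap(secrets);
    }
}
```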