Vault parameters for JDBC Vault Credential Mapper plug-in
Add Vault parameters for CMPIVaultPlugin. For environments that use JDBC-based Vault host security, add the Vault plug-in parameters. This model is identical to the database mechanism used to associate network IDs and host IDs in the DCAS passticket environment. The only difference is that Vault-style authentication requires the CMPI_VAULT_DB_HOSTPW parameter
Required Vault parameters: The following Vault parameters are required:
- CMPI_VAULT_DB_ADDRESS
- This is a URL string that provides the address of the database.
An example of this string is
jdbc:db2://dtagw:6789/CMTEST
.
- CMPI_VAULT_DB_NET_DRIVER
- This string contains the name of the class that acts as the
network database driver. An example of this string is
COM.ibm.db2.jdbc.net.DB2Driver
. The location of this class is assumed to be in the existing class path.
- CMPI_VAULT_DB_USERID
- This is the ID of the user account to use when accessing the database.
- CMPI_VAULT_DB_CASE_SENSITIVE
- This parameter specifies whether the Vault plug-in converts the application ID and network ID of the user to lowercase characters and then uses the lcase() method to make SQL queries to the HCM database. This parameter should be set to true when using SQL applications that do not support the lcase() method.
- CMPI_VAULT_DB_PASSWORD
- This is the password of the user account to use when accessing the database.
- CMPI_VAULT_DB_TABLE
- This entry identifies the table to use for the needed query.
The following five parameter values exactly match the column names in your credential mapper database.
- CMPI_VAULT_DB_NETID_COL_NAME
- This entry identifies the name of the column that contains the network ID value (NETWORKID).
- CMPI_VAULT_DB_HOSTADDR_COL_NAME
- This entry identifies the name of the column that contains the host address value (HOSTADDRESS).
- CMPI_VAULT_DB_HOSTAPP_COL_NAME
- This entry identifies the name of the column that contains the
host application value (APPLICATIONID).
Note: Application ID is only used for 3270 host types.
- CMPI_VAULT_DB_HOSTID_COL_NAME
- This entry identifies the name of the column that contains the user's host identification value (HOSTID).
- CMPI_VAULT_DB_HOSTPW_COL_NAME
- This entry identifies the name of the column that contains the user's host password (PASSWORD).
Based on the information provided by the parameters above, you can make an SQL query of the database to get the host ID. This query uses the network ID, the host address, and the host application as keys for the query. The result is identified in the Host Identification column. Assuming that the query is successful, the user ID and password are returned.
Optional Vault parameters: The following Vault parameters are optional:
- CMPI_VAULT_TRACE_LEVEL
- This parameter specifies the trace level for the Vault plug-in.
The trace messages are logged to the ZIETrans trace file. Trace level
values include the following settings:
- 0 = None: No tracing. This is the default.
- 1 = Minimum: Trace APIs and parameters, return values, and errors.
- 2 = Normal: Trace Minimum plus internal APIs and parameters and informational messages.
- 3 = Maximum: Trace Normal plus Java™ exceptions.
- CMPI_VAULT_DB_PRESERVE_WHITESPACE
- This parameter indicates whether to trim white spaces from the credential request parameters or not. If true, the white spaces are not trimmed. The default is false.