What is a Credential Store?
A credential store is a repository of security data. A credential can hold public key certificates, username and password combinations, or tickets.
Credentials are used at authentication time, when subjects are populated with principals, and also during authorization, when the actions that subjects can take are identified.
Oracle Platform Security Services (OPSS) includes the Credential Store Framework (CSF). The CSF is a collection of APIs that applications can use to securely create, read, update, and manage credentials. A standard use of the credential store is to store credentials (usernames and passwords) for access to external systems, such as an LDAP-based repository or a database.
In the Credential Store Framework (CSF), a credential is identified by a map name and a key name.
Typically, the map name is the same as the name of an application, and all credentials with the same map name form a logical group, such as the credentials used by that application. The combination of map name and key name should be unique for each entry in the credential store.
The default credential store is Oracle Wallet. For a production environment, an LDAP-based Oracle Internet Directory is ideal as a credential store. It is also recommended to use Oracle Wallet to store X.509 certificates.
The credential stores do not support storing end-user digital certificates. In addition, credentials can be provisioned, retrieved, modified, or deleted, but only by a user with appropriate administrator rights.
The CSF API is used to access the credential store and perform operations on it. The CSF provides the following functions:
It enables users to securely manage credentials.
It provides an API for storing, retrieving, and managing credentials in various back-end repositories.
It supports LDAP-based and file-based (Oracle Wallet) credential stores.
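The map name and key name addressing described above, shown as an added example that is not code from the original page or from Oracle. The map name "myApp", the key name "ldapBind" and the bind DN are hypothetical, and the code assumes it runs in a JVM configured for OPSS whose code source has been granted CredentialAccessPermission on that map and key.

```java
import java.io.Console;
import java.util.Arrays;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialAlreadyExistsException;
import oracle.security.jps.service.credstore.CredentialFactory;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

public class CsfMapKeyExample {
    // Hypothetical names: the map groups one application's credentials,
    // the key identifies a single entry inside that map.
    private static final String MAP = "myApp";
    private static final String KEY = "ldapBind";

    // Create the (map, key) entry; if that pair is already taken, overwrite it.
    static void store(CredentialStore cs, String user, char[] password) throws Exception {
        PasswordCredential cred = CredentialFactory.newPasswordCredential(user, password);
        try {
            cs.setCredential(MAP, KEY, cred);   // fails if (MAP, KEY) already exists
        } catch (CredentialAlreadyExistsException e) {
            cs.resetCredential(MAP, KEY, cred); // replace the existing entry
        } finally {
            Arrays.fill(password, '\0');        // do not leave the secret in our buffer
        }
    }

    // Look the entry up again by the same (map, key) pair.
    static PasswordCredential fetch(CredentialStore cs) throws Exception {
        Credential c = cs.getCredential(MAP, KEY);
        if (!(c instanceof PasswordCredential)) {
            throw new IllegalStateException("No password credential at " + MAP + "/" + KEY);
        }
        return (PasswordCredential) c;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (console == null) throw new IllegalStateException("Run from an interactive terminal");
        CredentialStore cs = JpsContextFactory.getContextFactory()
                .getContext().getServiceInstance(CredentialStore.class);
        // Constructed sample bind DN; the password is read at run time, not hard-coded.
        store(cs, "cn=appbind,dc=example,dc=com", console.readPassword("Bind password: "));
        PasswordCredential pc = fetch(cs);
        System.out.println("Stored user for " + MAP + "/" + KEY + ": " + pc.getName());
        cs.deleteCredential(MAP, KEY);          // clean up the example entry
    }
}
```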