ALERT

[WEBINAR] Extract Value From Your Data Through Micro-Queries

Credential Store

Definition - What does Credential Store mean?

A credential store is a library of security data. A credential can hold public key certificates, username and password combinations, or tickets.

Credentials are utilized at the time of authentication, when subjects are populated with principals, and also during authorization, when identifying the actions the subjects are able to perform.

Oracle Platform Security Services (OPSS) consists of the Credential Store Framework (CSF). The CSF is a collection of APIs that applications can utilize for creating, reading, updating, and managing credentials securely. A standard application of the credential store is the storage of credentials (user names and passwords) to gain access to some external systems, such as an LDAP-based repository or a database.

Techopedia explains Credential Store

In the credential store framework (CSF), a credential is determined by a key name and a map name.

Usually, the map name corresponds to an application's name, and all credentials having the same map name outline a logical set of credentials, like the credentials utilized by the application. The combination of key name and map name should be unique for every entry in the credential store.

The default credential store is Oracle Wallet. For a production environment, an LDAP-based Oracle Internet Directory is ideal to be used as a credential store. Also, it is recommended to use Oracle Wallet for storing X.509 certificates.

The storage of end-user digital certificates are not supported by the credential stores. Furthermore, the credentials can be provisioned, recovered, customized, or erased, but only by a user with relevant administration rights.

In order to access the credential store and carry out the operations, the CSF API is used. The CSF includes the following features:

  • It enables the users to securely manage the credentials.
  • It offers an API for storage, recovery, and maintenance of credentials in various back-end repositories.
  • It has the ability to support LDAP-based and file-based (Oracle wallet) credential management.
Share this: