Requirements for Using OCI Secrets for WebLogic and Node Manager Credentials
Pre-General Availability: 2024-10-11
The following legal notice applies to Oracle pre-GA releases. For copyright and other applicable notices, see Oracle Legal Notices.
Pre-General Availability Draft Documentation Notice
This documentation is in pre-General Availability status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.
OCI Vault is an encryption management service that stores and manages encryption keys and secrets to securely access resources. Secrets are credentials such as passwords, certificates, SSH keys, or authentication tokens that you use with OCI services. If you create secrets for WebLogic user name and password or Node Manager user name and password, WebLogic Management can use the secrets when it requires administrative credentials, such as starting and stopping WebLogic servers.
As part of configuring a domain in WebLogic Management, you can opt to use OCI secrets for WebLogic or Node Manager credentials. WebLogic Management stores the secret OCIDs in the service database and sends the values as payload for lifecycle operations (domain start, stop, restart) and patching operations (patching, rollback). Use this feature if you do not want the plugin to read the credentials from the domain itself. This is particularly useful in secure production environments where boot.properties files are not used and the WebLogic credentials are not stored in the ServerStart MBean.
Policy Prerequisites
The WebLogic Management plugin runs on the customer compute instance. The dynamic group of which the compute instance is a member should have the privilege to read the secrets. The following policy is required in the customer tenancy when secret OCIDs are used for WebLogic and Node Manager credentials.
allow dynamic-group <dynamic-group-name> to read secret-family in compartment <compartment-name>
We recommend that you use more granular policies to limit access to a specific set of secrets, keys or vaults. See common policies for managing vaults, keys, and secrets for more details.
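One way to check existing policy statements against this recommendation, as an added example that is not Oracle's code: the script flags dynamic-group grants that expose secret contents without an equality condition on a secret or vault. `target.secret.id`, `target.secret.name` and `target.vault.id` are OCI IAM policy condition variables; the sample statements and angle-bracket OCID placeholders are constructed, and the page does not state which scoped form the plugin has been validated with.

```python
import re

# Condition variables that OCI IAM documents for Vault resources. An equality
# test on one of them narrows a grant below "every secret in the compartment".
SCOPED = re.compile(r"target\.(secret\.id|secret\.name|vault\.id)\s*=\s*['/]", re.I)

STATEMENT = re.compile(
    r"^\s*allow\s+dynamic-group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<cond>.+))?$",
    re.I,
)

# Resource types through which secret contents can be read.
SECRET_RESOURCES = {"secret-family", "secret-bundles", "all-resources"}


def audit(statements):
    """Return (statement, finding) pairs for grants that expose secrets too broadly."""
    findings = []
    for raw in statements:
        m = STATEMENT.match(raw.strip())
        if not m or m["resource"].lower() not in SECRET_RESOURCES:
            continue
        if m["verb"].lower() == "inspect":  # metadata listing only, no secret contents
            continue
        if m["cond"] is None:
            findings.append((raw, f"no where clause: every secret in {m['scope']} is readable"))
        elif not SCOPED.search(m["cond"]):
            findings.append((raw, "where clause does not pin a secret or vault"))
    return findings


# Constructed sample input. Angle-bracket values are placeholders.
POLICIES = [
    "allow dynamic-group <dynamic-group-name> to read secret-family in compartment <compartment-name>",
    "allow dynamic-group <dynamic-group-name> to read secret-family in compartment <compartment-name>"
    " where target.secret.id = '<weblogic-secret-ocid>'",
    "allow dynamic-group <dynamic-group-name> to read secret-family in compartment <compartment-name>"
    " where target.vault.id = '<vault-ocid>'",
    "allow dynamic-group <dynamic-group-name> to read secret-family in compartment <compartment-name>"
    " where target.secret.name != 'unrelated-secret'",
]

if __name__ == "__main__":
    for statement, finding in audit(POLICIES):
        print(f"{finding}\n    {statement}")
```

The first sample statement is the compartment-wide policy shown above; the second and third are scoped forms that pass the check, and the fourth is flagged because a negated condition still leaves every other secret readable.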
Create Secrets
To create secrets for the WebLogic user name and password and the Node Manager user name and password, see Managing Vault Secrets.
To use these secrets for WebLogic or Node Manager credentials, see Defining or Editing WebLogic Credentials for Domain and Defining or Editing Node Manager Credentials for Domain.