Why I created a blog

Its been many years since I first created this blog. It has remained true to Essbase and related information over those years. Hopefully it has answered questions and given you insight over those years. I will continue to provide my observations and comments on the ever changing world of EPM. Don't be surprised if the scope of the blog changes and brings in other Hyperion topics.

Thursday, April 30, 2020

Creating Encrypted Keys for Essbase using the OCI CLI

In the latest release of Marketplace 19c we are now required to encrypt three keys used in the install process: The Essbase password, the Confidential Application secret and the Database password.  I find it funny we are encrypting a secret, but I digress.  If you want a really good article on the whole install process, look at Sarah Zembrum's post creating-an-essbase-19c-stack-on-the-oci-marketplace It has a detailed step by step instruction on what you need to do. In the post at step 13, she talks about installing the OCI CLI on your machine and has a link another of her good posts on doing the setup. That said, There is an easier way.

Once you are on your Cloud service console, go to the hamburger next to Oracle and select Compute (I'm sure it shows up other places, but I found it here)
Once you are on your compute instance, on the right side of the screen next to the data center you will see an icon that looks like a box with a greater than sign
Clicking on that opens Cloud Shell instance. This is a LinuX instance that has OCI installed on it already so you don't have to go through the tedious install process. 

Once you are in, you can convert the items to Base 64 and use the CLI command to encrypt your  passwords. Follow Sarah's step14 and repeat for your Confidential Application and DB passwords. It is easiest to do them all now than to come back later to do the other two.
What is nice is I can use VI to create s a script to do everything and save it there.  Once I saved it, I did have to go back ad do a chmod to make it executable 
For example here is my keyencrypt.sh script. 
I know it says Phoenix and in my earlier step I connected to Ashburn.  This is just an example of the script where I did not change everything.

Note, I can't use this for doing things like scheduling the stop and start of Essbase, but it gets me past the install pretty easily.

No comments: