The hdbuserstore (hana secure user store) is a tool which comes as
an executable with the SAP Hana Client package.
This secure user store allows you to store SAP HANA connection information,
including user passwords, securely on clients. With the help of secure
store, the client applications can connect to SAP HANA without the user
having to enter host name or logon credentials. You can also use the secure
store to configure failover support for application servers in a 3-tier
scenario (for example, SAP Business Warehouse) by storing a list of all the
hosts that the application server can connect to.
To access the system using secure store, there are two connect options:
(1)key and (2)virtualHostName. key is the hdbuserstore key that you use to
connect to SAP HANA, while virtualHostName specifies the virtual host
name.
This option allows you to change where the hdbuserstore searches for the
data and key files.
Note: The secure user store can only be used for SQLDBC and JDBC-based
connections. As SAP HANA studio is based on eclipse, it uses the Eclipse
secure storage instead of hdb secure store.
LOCATION OF HDBUSERSTORE PROGRAM:
/usr/sap/hdbclient (Linux/UNIX)
%SystemDrive%\Program Files\sap\hdbclient (Microsoft Windows)
MANAGING THE KEYS
Create a key:
hdbuserstore -i SET <key_name> <hostname>:<port>@<DB
Name> <Username> <Password>
where,
key_name - Name you want to give to your key
hostname - Hostname on which DB is installed (can be localhost or
ip or virtual host)
port - Port number to be used to connect to DB
Username - User for which you are creating the key
Password - Password of the above existing user
DB Name - Database name in MDC environment
Combination of hostname:port is known as environment and represented as
env
Note: It's not mandatory to provide DB name while generating key but it's
a good practice to prevent conflicts.
Example:
hdbuserstore -i SET X vhabcxyzdb:30213@SYSTEMDB SYSTEM hello@123
Remove a key
hdbuserstore DELETE <key_name>
List all keys
hdbuserstore list
Using key to login
hdbsql -U <key_name>
You can know about other possible operations using hdbuserstore -h command.
LOCATION OF THE SECURE STORE DATA:
Connection information stored in the secure store is saved in the secure
store file SSFS_HDB.DAT.
On Microsoft Windows, the path of this file is defined by
<PROGRAMDATA>\.hdb\<COMPUTERNAME>\<SID>
For Linux/UNIX systems, the path is defined by
<HOME>/.hdb/<COMPUTERNAME or HOSTNAME>, where HOME
is the home folder of sidadm user.
If the path does not already exist, then the hdbuserstore program creates
it.
The secure store's content is stored in a platform-dependent way. You cannot
copy the secure store from one platform to another platform.
Just to add here you can use hdbuserstore list to check the details and presence of this particular key
ReplyDeleteIs there a way or script to check all user keys are working in single try?
ReplyDeleteI read it again and again and will come again. software development in chennai
ReplyDelete