FDI: Steps To Update Fusion App Credentials With "Read keys from customer-managed vault" Option

This discussion outlines the steps required to update Fusion Application credentials using the "Read keys from customer-managed vault" option, introduced in Fusion Data Intelligence Release 25.R1. This enhancement allows for greater control and security by enabling integration with customer-managed keys stored in Oracle Vault. Follow the steps below to configure your environment accordingly.

Step 1 :- Ensure that the public certificate is uploaded in Fusion. When configuring JWT-based authentication, select the 'Upload files' option and provide the corresponding key and certificate. This setup should allow the 'Test Connection' operation to complete successfully.

Refer to the blog - link

Step 2 :- Add the following policies

allow any-user to read secret-bundles in tenancy where all {request.principal.type in ('fawservice', 'fawextsvc','fawcontentservice')}
Allow group 'DOMAIN'/'FDI-Vault-Admin' to inspect all-resources in compartment Security
Allow group 'DOMAIN'/'FDI-Vault-Admin' to manage vaults in compartment Security
Allow group 'DOMAIN'/'FDI-Vault-Admin' to manage keys in compartment Security
Allow group 'DOMAIN'/'FDI-Vault-Admin' to manage secret-family in compartment Security

Ensure that the user updating the Fusion Apps credentials is a member of the FDI-Vault-Admin group.

Step 3 :- Navigate to Identity & Security > Vault, then select the 'Master Encryption Key' sub-tab and click 'Create Key'.

Configure the key with the following settings:

Protection Mode: HSM
Key Shape Algorithm: AES
Key Shape Length: 256
Specify the Name as: FAWMasterKeyEncryption
Then click 'Create Key'.

Step 4 :- Navigate to Identity & Security > Vault, then select the 'Secrets' sub-tab and click 'Create Secret'.

Enter the Name for the Key.
Select the Encryption Key created in Step 3.
Choose 'Manual Secret Generation' as the generation method.
Set the Type Template to 'Plain-Text'.
Paste the key into the 'Secret Contents' field.
Ensure there are no extra characters, line breaks, or spaces in the key content.
Ensure the key appears as follows:


-----BEGIN RSA PRIVATE KEY-----
key-content
-----END RSA PRIVATE KEY-----

Repeat Step 4 to upload the Public Certificate to the Vault.

Ensure the certificate appears as follows:


-----BEGIN CERTIFICATE-----
certificate-content
-----END CERTIFICATE-----
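
A pre-paste check for the Step 4 formatting requirements, added here as an example and not part of the original post or of Oracle's tooling: the hypothetical helper lint_pem reports stray whitespace, blank lines, CRLF line endings and a wrong or missing BEGIN/END marker for the two PEM layouts shown above. The sample strings are constructed and contain no key material.

```python
import base64
import re

# Labels taken from the two PEM layouts shown in Step 4.
ALLOWED_LABELS = ("RSA PRIVATE KEY", "CERTIFICATE")
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
_B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def lint_pem(text, expected_label):
    """Return a list of formatting problems; an empty list means clean."""
    if expected_label not in ALLOWED_LABELS:
        raise ValueError("unsupported label: " + expected_label)
    problems = []
    if "\r" in text:
        problems.append("carriage return (CRLF line endings)")
    # One final newline is tolerated; anything beyond it is reported.
    body = text[:-1] if text.endswith("\n") else text
    lines = body.replace("\r", "").split("\n")
    for n, line in enumerate(lines, 1):
        if line == "":
            problems.append(f"line {n}: blank line")
        elif line != line.strip():
            problems.append(f"line {n}: leading or trailing whitespace")
    stripped = [l.strip() for l in lines if l.strip()]
    if len(stripped) < 3:
        return problems + ["missing BEGIN line, body or END line"]
    m = _BEGIN.match(stripped[0])
    if not m:
        problems.append("first line is not a BEGIN marker")
    elif m.group(1) != expected_label:
        problems.append(f"label is {m.group(1)!r}, expected {expected_label!r}")
    if stripped[-1] != f"-----END {expected_label}-----":
        problems.append("last line is not the matching END marker")
    payload = stripped[1:-1]
    if not all(_B64_LINE.match(l) for l in payload):
        problems.append("non-base64 characters in body")
    else:
        try:
            base64.b64decode("".join(payload), validate=True)
        except ValueError:
            problems.append("body is not valid base64 (bad padding or length)")
    return problems


# Constructed samples: the body encodes a placeholder string, not key material.
_BODY = base64.b64encode(b"constructed placeholder, not key material").decode()
CLEAN = f"-----BEGIN RSA PRIVATE KEY-----\n{_BODY}\n-----END RSA PRIVATE KEY-----"
PASTED = f"-----BEGIN RSA PRIVATE KEY----- \n{_BODY}\n\n-----END RSA PRIVATE KEY-----\n"
```

The messages carry only line numbers and marker labels, so the output can be shared without exposing the key body.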

Step 5 :- Navigate to Analytics & AI --> Data Intelligence --> Select FDI instance --> Click Update Fusion credentials:-

Select JWT Based

Select "Read keys from customer-managed vault" Option

Select Vault Compartment

Select Private Key & Public Certificate

Check Keys have been uploaded to Fusion Source

Click on Test connection. 
