Setup

Before configuring the Delinea JDBC Proxy Driver with your web server, you must complete the installation and setup process. This ensures the driver files are properly deployed and configured for secure communication with your Delinea Platform or Secret Server.

Step 1: Download the JDBC Proxy Driver Package

Download the Delinea JDBC Proxy Driver package from the Delinea marketplace:

Download Link: Delinea JDBC Proxy Driver

Step 2: Extract the Package

Extract the downloaded ZIP file to a location on your machine. The package contains:

  • Delinea-Jdbc-Proxy.jar - The JDBC proxy driver file that will be deployed to your application server
  • SetupUtility.jar - The configuration utility that encrypts credentials and configures the driver

Keep both JAR files in the same directory when running the Setup Utility. These files are the same regardless of which connection approach (Direct or DataSource) or web server you choose.

Step 3: Run the Setup Utility

To properly configure the Delinea JDBC Proxy Driver with your Secret Server or the Delinea Platform, you must run the Setup Utility. This process ensures that the driver integrates securely with your environment, including encryption settings and credential management.

The SetupUtility encrypts the Secret Server or Delinea Platform credentials, creates the DelineaDriver.properties file in the current folder, and copies the Delinea-Jdbc-Proxy.jar and DelineaDriver.properties files into the provided web server application's lib folder.

Prerequisites for Running Setup Utility

  • Java environment (JDK 8 or above)
  • SetupUtility.jar and Delinea-Jdbc-Proxy.jar in the same directory
  • Administrator/root access to run the utility
  • Web server service stopped

Running the Setup Utility

  1. Stop the Web Server service.

    This is a necessary step before running the setup utility to avoid conflicts with the active web server session.

  2. Open the command prompt as an administrator.

  3. Navigate to the directory containing the extracted JAR files.

  4. Choose your encryption mode and run the appropriate command:

    1. For default encryption mode: Run the command java –jar SetUpUtility.jar

      The SetUpUtility uses AES-GCM encryption to protect Secret Server or Delinea Platform credentials. It generates a unique hardware-based key by combining details from the CPU, motherboard, hard disk, and BIOS, and secures it with SHA-256 hashing. This encryption process ensures safe decryption, providing strong, system-specific data protection.

    2. For new encryption mode: Run the command java –jar SetUpUtility.jar 1

      The SetUpUtility creates an encryption key to encrypt Secret Server or Delinea Platform credentials. It stores the key in a hidden folder with appropriate file and folder permissions to restrict access.

      For more information about encryption modes, click here.

Configuring Parameters

The Setup Utility will prompt you for the following information. Provide the appropriate values based on whether you're using the Delinea Platform or Secret Server:

For Delinea Platform

  • Platform Instance URL: The URL where your platform instance is hosted (e.g., https://your-platform-instance.com).

  • Username: The username for your platform service account.

  • Password: The password for your platform service account.

  • Deployed application lib folder path: The path where the driver files should be deployed. Examples:

    • WebSphere: C:\Program Files\IBM\WebSphere\AppServer\lib
    • Tomcat: C:\Program Files\Apache Software Foundation\Tomcat 10.1\webapps\lib
    • JBoss: JBOSS_HOME/modules/com/delinea/main

  • Use Delinea Credentials Cache: Enter n (not applicable for Platform).

For Secret Server

  • Secret Server URL: The URL where your Secret Server is hosted (e.g., https://your-secret-server.com).

  • Username: The username for your Secret Server application account.

  • Password: The password for your Secret Server application account.

  • Deployed application lib folder path: The path where the driver files should be deployed. Examples:

    • WebSphere: C:\Program Files\IBM\WebSphere\AppServer\lib
    • Tomcat: C:\Program Files\Apache Software Foundation\Tomcat 10.1\lib
    • JBoss: JBOSS_HOME/modules/com/delinea/main

  • Use Delinea Credentials Cache:

    • Enter y if you are integrating with Delinea Credentials Cache and provide the baseURL (Credential Cache URL).

    • Enter n if you are connecting directly to Secret Server.

    To learn more about Delinea Credentials Cache, click here.

Encryption Key Rotation (New Encryption Mode Only)

When using new encryption mode, if a key already exists in the hidden folder, you will be prompted to decide whether to rotate it. If you choose to rotate the key, you must run the SetupUtility again for each application deployment on web servers.

You will be asked whether you want to rotate the encryption key. The options are:

  • Yes: Enable encryption key rotation to further secure the communication between your Delinea Platform or Secret Server and web servers. This process will periodically change the encryption key, ensuring enhanced security and minimizing the risk of key compromise.

  • No: Keep the existing encryption key, maintaining the current security configuration without any changes.

The SetupUtility validates the Secret Server or Delinea Platform credentials at runtime. If the credentials cannot be validated, the process will stop.

Setup Utility Output

The DelineaDriver.properties and Delinea-Jdbc-Proxy.jar files will be copied into the lib folder of the application.

Once the setup utility is complete, the DelineaDriver.properties file should contain:

  • encryptionMode = the mode of encryption. encryptionMode=1 for new encryption method and encryptionMode=0 for default encryption method.

  • identity = Secret Server or Delinea Platform credentials in encrypted format.

  • address = the Secret Server URL or the Delinea Platform URL.

  • baseURL = the Delinea Credential Cache URL (for Secret Server only). To learn how to configure and retrieve the baseURL, click here.

  • isLogging and logLevel = You can change only these parameters for logging purposes.

  • trustAllCertificate = this parameter can be set to either true or false. By default, the proxy driver does not trust all certificates. If the user trusts the certificate, set it to true.

Do not change the address and the identity parameters manually. If these need to be updated, it should be done through the SetupUtility.jar to avoid misconfigurations.

Next Steps

After completing the setup:

  1. Choose your connection approach - Determine whether your application uses Direct Connection or DataSource Connection.
  2. Follow the configuration steps for your chosen web server and connection type.
  3. Start your web server and verify the integration.

Configuring Logging for the Delinea JDBC Proxy Driver

When the Delinea setup utility is configured, by default the following parameters are set for logging purposes:

  • isLogging=true
  • logLevel=0

You can modify the logging parameter in the DelineaDriver.properties file based on the requirement. The parameters located in the lib folder path of the application are used for logging purposes:

  • isLogging = This parameter can be set to either true or false to enable additional logging other than the default. Set this parameter to LogLevel.

  • logLevel = This parameter allows you to log in based on the requirement. The value can be either 0, 1, 2, or 3.

    • Log Level 0 – (Logs Info) logs Information.
    • Log Level 1 – (Logs Warning) logs for developer.
    • Log Level 2 – (Logs Error) if any error logs will get printed.
    • Log Level 3 – (Logs all) the above 3 logs types will get printed with an additional debug log.

Restart the web server to reflect the changes in the DelineaDriver.properties file.