17.10 - Credentials File - Access Module

Teradata® Tools and Utilities Access Module Reference

Product
Access Module
Release Number
17.10
Published
October 2021
Language
English (United States)
Last Update
2021-11-02
dita:mapPath
uur1608578381725.ditamap
dita:ditavalPath
obe1474387269547.ditaval

The credentials file allows some of the Teradata Access Module for GCS parameters, particularly credentials, to be stored in a file rather than placed in the TPT job scripts. For convenience and consistency, the syntax and conventions are similar to the credentials file being used for the Teradata Access Module for S3.

A user-created credentials file contains the connection credentials such as "Access Key Id" and "Secret Access Key" (similar in concept to userid and password). The credentials file entry for the AccessID is gcs_access_key_id. The credentials file entry for the AccessKey is gcs_secret_access_key.

The following is an example of the contents of the credentials file with a default location of ~/.gcs/credentials:

[default]
gcs_access_key_id = <some-ecosystem-id>@<some-name>.gserviceaccount.com
gcs_secret_access_key = ************pqrs
[load_job_1]
gcs_access_key_id = <some-ecosystem-id>@<some-name>.gserviceaccount.com
gcs_secret_access_key = ************abcd
[export_job_1]
gcs_access_key_id = <some-ecosystem-id>@<some-name>.gserviceaccount.com
gcs_secret_access_key = ************wxyz
The Teradata Access Module for GCS requires the use of a Service Account. When obtaining the Service Account credentials (usually in JSON format) use the following parameters:
  • “client_email” value for the gcs_access_key_id entry (or AccessID in the Initialization string)
  • “private_key” value for the gcs_secret_access_key entry (or AccessKey in the Initialization string)

The “private_key” usually begins with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----\n. Make sure you copy all characters verbatim, including all \n characters, without the enclosing double-quotes, without any modifications.

The access module attempts to output (to the console) the last several characters of the “private_key” prior to -----END PRIVATE KEY-----\n so the user can verify the proper key was specified.