
Revisited: Containerized Db2 client and connect with API key

The steps to use an IBM Cloud API key for authentication to connect from the Db2 Warehouse client container to a Db2 on Cloud database.

Use an API key to connect to Db2

Some five years back, I blogged about how to use an API KEY or ACCESS TOKEN to connect to Db2 on IBM Cloud. What I had forgotten since then was the fact that I actually had utilized the Db2 Warehouse client container for that scenario. After realizing it, I set out to test the scenario again of using an IBM Cloud API key to connect from the client container to Db2 on Cloud.

Catalog the Db2 server and database

For my test I reused the Db2 server (TCPIP NODE) which I had cataloged as described in my recent post on the Db2 Warehouse client container. However, to connect to and authenticate with an IBM Cloud API key, I had to catalog the database again, use a different alias (in my case “cloudgss” instead of “cloudde”), and specify a different AUTHENTICATION type. Instead of

db2 catalog db database_name as alias_name at node db2_node_name authentication server_encrypt

I used the following command with authentication gssplugin.

db2 catalog db database_name as alias_name at node db2_node_name authentication gssplugin

The above linked Db2 documentation has the following about the GSS plugin:

Specifies that authentication takes place by using an external GSS API-based plug-in security mechanism.

GSS stands for Generic Security Services and is based on IETF RFC 2744, Generic Security Service API Version 2: C-bindings. The Db2 documentation details the required APIs and definitions for GSS-API authentication plug-ins - in case you would like to write your own authentication module.

Add the database user

To be able to authenticate to Db2 on Cloud with my IBM Cloud API key, next I needed to add myself as a user with IBMid to the database. This can be done in the Db2 on Cloud console under “Settings” and “User Management”. The following screenshot shows the UI form (note that it shows “data_henrik” because I had already used “datahenrik” earlier…).

[Image: Add datahenrik as user]

By default, the “regular user” privilege is selected, but I changed it to “Administrator”. Once done, the overview shows my user ID “datahenrik” added with “Administrator” privilege.

[Image: User was added]

Connect and test

The last step was back in the Db2 Warehouse client container, using the command line interface. With the help of one of my IBM Cloud API keys I connected to and authenticated with the database (note the “cloudgss” alias), thanks to the GSS plugin:

[Image: connect to Db2 on Cloud database by authenticating with an API key]

Once connected, I ran the ultimate test:

db2 "values current schema"

The above command returns the expected result, “DATAHENRIK”. All good… 😃
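The connect step above survives only as an image, so here is a sketch of it as an added example, not the commands from the original post. It relies on the APIKEY clause of the Db2 CONNECT statement and on `db2 -tf`, and it assumes a hypothetical key file that holds nothing but the API key; the function names are made up for illustration.

```shell
# Added example (not from the original post). Assumptions: the alias is
# cataloged with AUTHENTICATION GSSPLUGIN as described above, and the API key
# sits alone in a file that only its owner can read. Paths are hypothetical.

DB2=${DB2:-db2}    # Db2 command line processor; overridable for dry runs

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the key file exists and grants nothing to group or others.
key_file_is_private() {
    [ -f "$1" ] || return 1
    case "$(file_mode "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Connect to the cataloged alias with the API key taken from a private file.
# The CONNECT statement is written with the printf builtin into a temp file
# (mktemp creates it with mode 0600) and run via "db2 -tf", so the key shows
# up neither in the shell history nor in any process argument list.
connect_with_api_key() {
    alias_name=$1
    key_file=$2
    key_file_is_private "$key_file" || {
        echo "refusing to use $key_file: missing or accessible by others" >&2
        return 2
    }
    stmt=$(mktemp) || return 3
    printf 'CONNECT TO %s APIKEY %s;\n' "$alias_name" "$(cat "$key_file")" > "$stmt"
    "$DB2" -tf "$stmt"
    rc=$?
    rm -f "$stmt"    # remove the statement file whether or not CONNECT worked
    return $rc
}

# Usage inside the client container (run in the same shell session):
#   connect_with_api_key cloudgss "$HOME/.ibmcloud_apikey" && db2 "values current schema"
```

Create the key file with `chmod 600` before first use; the function refuses any file that group or others can access.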

If you have feedback, suggestions, or questions about this post, please reach out to me on Mastodon (@data_henrik@mastodon.social) or LinkedIn.