Securing Oracle GoldenGate Database Login in a Credential Store
Security is always a big deal. In setting up Oracle GoldenGate the capture (extract) and apply (replicat) parameter files need to be configured to log in to the database which they will perform operations. In order to do this the Oracle GoldenGate User name and password need to be provided in the parameter files. Example 1 shows how the database login is traditionally done in a extract or replicat parameter file.
--Oracle Login USERID ggate, PASSWORD ggate
To make this process login information more secure, we can create a userid alias that the extract or replicat process can use to log into the database. In order to create a login alias, a credential store needs to be create. Below are the steps to create the credential store and associated aliases.
After logging into the GoldenGate Service Command Interface (GGSCI), a credential store needs to be created. By default the credential store will be kept in the “dircrd” directory undert the $OGG_HOME.
Create the credential store:
GGSCI (db12cgg.acme.com) 1> add credentialstore Credential store created in ./dircrd/.
With the credential store created, now an alias can be created for the gguser.
GGSCI (db12cgg.acme.com) 2> alter credentialstore add user ggate, password ggate alias aggate Credential store in ./dircrd/ altered.
The extract or replicat parameter files need to be updated to use the new alias. Once the update is done the associated process needs to be restarted.
--Oracle Login USERIDALIAS aggate
After restarting the process, the Oracle GoldenGate login is secure.
Note: If the password for the Oracle GoldenGate User changes, the alias in the credential store will need to be updated.
Current Oracle Certs
I’m Bobby Curtis and I’m just your normal average guy who has been working in the technology field for awhile (started when I was 18 with the US Army). The goal of this blog has changed a bit over the years. Initially, it was a general blog where I wrote thoughts down. Then it changed to focus on the Oracle Database, Oracle Enterprise Manager, and eventually Oracle GoldenGate.
If you want to follow me on a more timely manner, I can be followed on twitter at @dbasolved or on LinkedIn under “Bobby Curtis MBA”.
Reblogged this on Dinesh Ram Kali..