Subscriber Count

    459

Subscribe to Posts by Email

Pages

Example 15: Security in Goldengate

As you aware, the parameter files for Extract and replicat contains database username and password which can be security concern.

Hence goldengate provide a keygen utility to create a encryption key and can be used to generate a encrypted password and use that encrypted password in parameter file.

Let's look at, first create a encryption keys using keygen utility in goldengate software location

oracle@sourcehost:/data/ggate  $ ./keygen  128 4 >> ENCKEYS

0x022A972B7CF6EF537DBCF35792BEH321

0x03CC8167B516426D9CA3A70B5B1FDW12

0x066E6C23EF369406BA8A5B3F2580DF54

0x0A10575F2857E61FD8710F73EFE08H11

### Copy the Enckeys file to target goldengate home

scp ENCKEYS target:/data/ggate

### Create a Encryption password using Encryption of above

[oracle@sourcehost]/data/ggate # ./ggsci

Oracle GoldenGate Command Interpreter for Oracle

Version 11.2.1.0.1 OGGCORE_11.2.1.0.1_PLATFORMS_120423.0230_FBO

Linux, x64, 64bit (optimized), Oracle 11g on Apr 23 2012 08:32:14

Copyright (C) 1995, 2012, Oracle and/or its affiliates. All rights reserved.

GGSCI (source) 2> encrypt password gguser123 ENCRYPTKEY key1

Encrypted password:  AADAAAAAAAAAAAKAVHWAGJIGWBGHDBRAGJMIPEQEXBYEMDYIRBICFHSCTDHHEJHANCKAUDDGQJPBHRDT

Algorithm used:  AES128

GGSCI (source) 3> dblogin USERID gguser@MYDB, PASSWORD AADAAAAAAAAAAAKAVHWAGJIGWBGHDBRAGJMIPEQEXBYEMDYIRBICFHSCTDHHEJHANCKAUDDGQJPBHRDT, encryptkey key1

Successfully logged into database.

GGSCI (source) 4> dblogin USERID gguser@MYDB, PASSWORD gguser123

Successfully logged into database.

So you can use this encrypted password in your extract param file

GGSCI> edit params ext3

### Look at below bold part and remove old password and keep the encrypted password.

EXTRACT ext1

USERID ggs_owner, PASSWORD AADAAAAAAAAAAAKAVHWAGJIGWBGHDBRAGJMIPEQEXBYEMDYIRBICFHSCTDHHEJHANCKAUDDGQJPBHRDT, encryptkey  key1

RMTHOST 192.168.56.109, MGRPORT 7809

RMTTASK replicat, GROUP rep1

TABLE test.myobj;

As we removed the clear text password and reset the password with new above encrypted password.

 

 

https://education.oracle.com/pls/eval-eddap-dcd/ocp_interface.ocp_candidate_login?p_include=Y&p_org_id=1001&p_lang=US