New Features for DBA’s

Subscribe to Posts by Email


 

Subscriber Count

    696

Disclaimer

All information is offered in good faith and in the hope that it may be of use for educational purpose and for Database community purpose, but is not guaranteed to be correct, up to date or suitable for any particular purpose. db.geeksinsight.com accepts no liability in respect of this information or its use. This site is independent of and does not represent Oracle Corporation in any way. Oracle does not officially sponsor, approve, or endorse this site or its content and if notify any such I am happy to remove. Product and company names mentioned in this website may be the trademarks of their respective owners and published here for informational purpose only. This is my personal blog. The views expressed on these pages are mine and learnt from other blogs and bloggers and to enhance and support the DBA community and this web blog does not represent the thoughts, intentions, plans or strategies of my current employer nor the Oracle and its affiliates or any other companies. And this website does not offer or take profit for providing these content and this is purely non-profit and for educational purpose only. If you see any issues with Content and copy write issues, I am happy to remove if you notify me. Contact Geek DBA Team, via geeksinsights@gmail.com

Pages

Example 15: Security in Goldengate

As you aware, the parameter files for Extract and replicat contains database username and password which can be security concern.

Hence goldengate provide a keygen utility to create a encryption key and can be used to generate a encrypted password and use that encrypted password in parameter file.

Let's look at, first create a encryption keys using keygen utility in goldengate software location

oracle@sourcehost:/data/ggate  $ ./keygen  128 4 >> ENCKEYS

0x022A972B7CF6EF537DBCF35792BEH321

0x03CC8167B516426D9CA3A70B5B1FDW12

0x066E6C23EF369406BA8A5B3F2580DF54

0x0A10575F2857E61FD8710F73EFE08H11

### Copy the Enckeys file to target goldengate home

scp ENCKEYS target:/data/ggate

### Create a Encryption password using Encryption of above

[oracle@sourcehost]/data/ggate # ./ggsci

Oracle GoldenGate Command Interpreter for Oracle

Version 11.2.1.0.1 OGGCORE_11.2.1.0.1_PLATFORMS_120423.0230_FBO

Linux, x64, 64bit (optimized), Oracle 11g on Apr 23 2012 08:32:14

Copyright (C) 1995, 2012, Oracle and/or its affiliates. All rights reserved.

GGSCI (source) 2> encrypt password gguser123 ENCRYPTKEY key1

Encrypted password:  AADAAAAAAAAAAAKAVHWAGJIGWBGHDBRAGJMIPEQEXBYEMDYIRBICFHSCTDHHEJHANCKAUDDGQJPBHRDT

Algorithm used:  AES128

GGSCI (source) 3> dblogin USERID gguser@MYDB, PASSWORD AADAAAAAAAAAAAKAVHWAGJIGWBGHDBRAGJMIPEQEXBYEMDYIRBICFHSCTDHHEJHANCKAUDDGQJPBHRDT, encryptkey key1

Successfully logged into database.

GGSCI (source) 4> dblogin USERID gguser@MYDB, PASSWORD gguser123

Successfully logged into database.

So you can use this encrypted password in your extract param file

GGSCI> edit params ext3

### Look at below bold part and remove old password and keep the encrypted password.

EXTRACT ext1

USERID ggs_owner, PASSWORD AADAAAAAAAAAAAKAVHWAGJIGWBGHDBRAGJMIPEQEXBYEMDYIRBICFHSCTDHHEJHANCKAUDDGQJPBHRDT, encryptkey  key1

RMTHOST 192.168.56.109, MGRPORT 7809

RMTTASK replicat, GROUP rep1

TABLE test.myobj;

As we removed the clear text password and reset the password with new above encrypted password.

 

 

https://education.oracle.com/pls/eval-eddap-dcd/ocp_interface.ocp_candidate_login?p_include=Y&p_org_id=1001&p_lang=US