Manage master encryption key wallets
Use master encryption keys to encrypt trail files distributed to other GoldenGate deployments. You can then import and export master encryption key wallets to use with other source and target OCI GoldenGate deployments.
Note:
This information applies only to Data replication deployments.If a master key is created in Oracle GoldenGate, then each time GoldenGate creates a trail file, it automatically generates a new encryption key that encrypts the trail contents. The master key encrypts the encryption key.
Before you begin
Ensure that you have the following:
- Access to the Vault service and a Vault created
Note:
A virtual private vault is not required. - Added the minimum required policies to for OCI GoldenGate to use the Vault service
- A master encryption key created
in your Vault
Note:
Only AES, software protected keys, or HSM keys are supported. RSA and ECDSA are not supported.
Related Topics
Add a master key in the deployment console
- Launch the GoldenGate deployment console from the deployment details page.
- Log in as the GoldenGate admin user.
- After you log in, open the navigation menu, click Configuration, and then click Key Management.
- On the Key Management page, for Master Keys, click Add Master key (plus icon).
Export a master encryption key wallet from an OCI GoldenGate deployment
- On the Deployments page, select the deployment from which to export the master encryption key wallet.
- On the deployment details page, under Resources, click Master encryption key actions.
- Click Export.
- In the Export dialog:
- For Name, enter a name for the master encryption key wallet.
- (Optional) Enter a description to help distinguish it from others in the wallet list.
- For Vault in <compartment-name>, select the vault in which to export the master encryption key wallet. Click Change compartment to select a different compartment.
- For Encryption key in <compartment name>, select the appropriate encryption key to use. Click Change compartment to select a different compartment.
- Click Export.
Export a master key encryption wallet from an on premise Oracle GoldenGate instance
cwallet.sso
and
then copy it into an OCI Vault secret.
Import a master encryption key wallet to a deployment
- On the Deployments page, select the deployment in which to import the master encryption key wallet.
- On the deployment details page, under Resources, click Master encryption key wallet actions.
- Click Import.
- In the Import dialog:
- Click Import.
Import a master encryption key wallet to an on premise GoldenGate instance
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.