Oracle GoldenGate Administrator Tasks

1. Run GGSCI.
2. Issue the ENCRYPT PASSWORD command to encrypt the shared secret so that it is obfuscated within the Extract parameter file. This is a security requirement.

   ENCRYPT PASSWORD sharedsecret {AES128 | AES192 | AES256} ENCRYPTKEY keyname
   

   Where:

   • sharedsecret is the clear-text shared secret. This value is case-sensitive.

   • {AES128 | AES192 | AES256} specifies Advanced Encryption Standard (AES) encryption. Specify one of the values, which represents the desired key length.

   • keyname is the logical name of the encryption key in the ENCKEYS lookup file. Oracle GoldenGate uses this key to look up the actual key in the ENCKEYS file. To create a key and ENCKEYS file, see Administering Oracle GoldenGate.

     Example:

     ENCRYPT PASSWORD sharedsecret AES256 ENCRYPTKEY mykey1
     

3. In the Extract parameter file, use the DBOPTIONS parameter with the DECRYPTPASSWORD option. As input, supply the encrypted shared secret and the decryption key.

   DBOPTIONS DECRYPTPASSWORD sharedsecret {AES128 | AES192 | AES256} ENCRYPTKEY keyname
   

   Where:

   • sharedsecret is the encrypted shared secret.

   • {AES128 | AES192 | AES256} must be same value that was used for ENCRYPT PASSWORD.

   • keyname is the logical name of the encryption key in the ENCKEYS lookup file.

     Example:

     DBOPTIONS DECRYPTPASSWORD AACAAAAAAAAAAAIALCKDZIRHOJBHOJUH AES256 ENCRYPTKEY mykey1
     

4. Log in to SQL*Plus as a user with the SYSDBA system privilege.
5. Close and then re-open the wallet.

   SQL> alter system set encryption wallet close identified by "hsm/wallet_password";
   System altered.
   SQL> alter system set encryption wallet open identified by "hsm/wallet_password";
   System altered.