Create Oracle GoldenGate Master Keys in Oracle Key Vault
You can create an AES 256 master key for Oracle GoldenGate instead of registering it.
-
Create an AES 256 Oracle GoldenGate master key, as shown in the following example.
java -jar okvrestservices.jar kmip --config ./conf/okvclient.ora --service create_key --algorithm AES --length 256 --mask "ENCRYPT,DECRYPT" --wallet OGG_WALLET
This code returns a UID similar to
64B3AAD0-BE77-1821-E053-0100007FD177
. -
Activate the master key, as shown in the following example.
java -jar okvrestservices.jar kmip --config ./conf/okvclient.ora --service activate --uid 64B3AAD0-BE77-1821-E053-0100007FD177
-
Add the Oracle GoldenGate master key name and version attributes to the key, as shown in the following example.
java -jar okvrestservices.jar kmip --config ./conf/okvclient.ora --service add_custom_attr --uid 64B3AAD0-BE77-1821-E053-0100007FD178 --attribute x-OGG-KeyName --type TEXT --value OGG_MASTER_KEY_NAME
java -jar okvrestservices.jar kmip --config ./conf/okvclient.ora --service add_custom_attr --uid 64B3AAD0-BE77-1821-E053-0100007FD178 --attribute x-OGG-KeyVersion --type TEXT --value 201
Oracle GoldenGate identifies the master key for a particular
deployment using the custom attributes,
x-OGG-KeyName
and
x-OGG-KeyVersion
.
Parent topic: Uploading Master Keys in Oracle Key Vault