1. Oracle GoldenGate Security Guide
  2. Securing the Classic Architecture
  3. Managing Encryption Using a Key Management Service in Oracle GoldenGate Classic Architecture
  4. Uploading Master Keys in Oracle Key Vault
  5. Create Oracle GoldenGate Master Keys in Oracle Key Vault

Create Oracle GoldenGate Master Keys in Oracle Key Vault

You can create an AES 256 master key for Oracle GoldenGate instead of registering it.

Here are the steps to create the Oracle GoldenGate master key in Oracle Key Vault:

  1. Create an AES 256 Oracle GoldenGate master key, as shown in the following example. 

    java  -jar okvrestservices.jar kmip --config ./conf/okvclient.ora --service create_key 
 --algorithm AES --length 256 --mask "ENCRYPT,DECRYPT" --wallet OGG_WALLET

    This code returns a UID similar to 64B3AAD0-BE77-1821-E053-0100007FD177.

  2. Activate the master key, as shown in the following example.

    java  -jar okvrestservices.jar kmip --config ./conf/okvclient.ora --service activate 
    --uid 64B3AAD0-BE77-1821-E053-0100007FD177

  3. Add the Oracle GoldenGate master key name and version attributes to the key, as shown in the following example. 

    
    java  -jar okvrestservices.jar kmip --config ./conf/okvclient.ora 
      --service  add_custom_attr --uid 64B3AAD0-BE77-1821-E053-0100007FD178
      --attribute x-OGG-KeyName --type TEXT --value OGG_MASTER_KEY_NAME
    
    java  -jar okvrestservices.jar kmip --config ./conf/okvclient.ora 
      --service  add_custom_attr --uid 64B3AAD0-BE77-1821-E053-0100007FD178
      --attribute x-OGG-KeyVersion --type TEXT --value 201

Oracle GoldenGate identifies the master key for a particular deployment using the custom attributes, x-OGG-KeyName and x-OGG-KeyVersion.

Parent topic: Uploading Master Keys in Oracle Key Vault