7.2.2 Prerequisites for Configuring OKV on Oracle GoldenGate
Learn the prerequisites for setting up OKV with Oracle GoldenGate.
The following steps belong to the OKV configuration on the machine where the Oracle GoldenGate instance is running:
-
Download the
okvrestservices.jar
from the OKV server, where Oracle GoldenGate is deployed as the same system user as the deployment. -
Download and install the endpoint file,
okvclient.jar
from the OKV server, where Oracle GoldenGate is deployed as the same system user as the deployment. For example,OS> java -jar okvclient.jar -d /u01/app/oracle/OKV
- Create the key. The name of the wallet is provided by the OKV
administrator. The following example show how the key is
created:
OS> java -jar okvrestservices.jar kmip --config /u01/app/oracle/OKV/conf/okvclient.ora --service create_key --algorithm AES --length 256 --mask "ENCRYPT,DECRYPT,TRANSLATE_ENCRYPT,TRANSLATE_DECRYPT,TRANSLATE_WRAP,TRANSLATE_UNWRAP" --wallet OKV_WALLET76876ABA-B06D-4F35-BF7C-D9306D29764B
Alternatively, you can register your own key, as shown in the following example:OS>java -jar okvrestservices.jar kmip --config ./conf/okvclient.ora --service reg_key -ENCRYPT,DECRYPT,TRANSLATE_ENCRYPT,TRANSLATE_DECRYPT,TRANSLATE_WRAP,TRANSLATE_UNWRAP --wallet OGG_WALLET --object /u01/key.txt64B3AAD0-BE77-1821-E053-0100007FD178
-
Set the
OKV_HOME
environment variable.OS> setenv OKV_HOME /u01/app/oracle/OKV
The sub-directory structure contains the necessary libraries, binaries, and configuration files for the OKV environment. See Install OKV Software Onto Endpoint in the Oracle Key Vault Administration Guide for details about the configuration within the OKV server.
-
Activate the key as shown in the following example:
OS> java -jar okvrestservices.jar kmip --config /u01/app/oracle/OKV/conf/okvclient.ora --service activate --uid 76876ABA-B06D-4F35-BF7C-D9306D29764B INFO: Success
-
Add the Oracle GoldenGate related key attributes (KeyName, KeyVersion) to the configuration. The key name must match the master keyname in the KMS encryption profile created within Oracle GoldenGate. The key value must match the version number of the masterkey.
OS> java -jar okvrestservices.jar kmip --config /u01/app/oracle/OKV/conf/okvclient.ora --service add_custom_attr --uid 76876ABA-B06D-4F35-BF7C-D9306D29764B --attribute x-OGG-KeyName --type TEXT --value OGG_Masterkey INFO: Success
OS> java -jar okvrestservices.jar kmip --config /u01/app/oracle/OKV/conf/okvclient.ora --service add_custom_attr --uid 76876ABA-B06D-4F35-BF7C-D9306D29764B --attribute x-OGG-KeyVersion --type TEXT --value 1 INFO: Success
-
Use
okvutil
to list the configuration setting and check the endpoint status. As shown in the following example:OS>okvutil list -v 4 okvutil version 18.2.0.0.0 Endpoint type: Oracle (non-database) Configuration file: /u01/app/oracle/OKV/conf/okvclient.ora Server: 10.245.64.45:5696 10.245.64.46:5696 Standby Servers:Read Servers: 10.245.64.48:5696 Auto-login wallet found, no password needed Trying to connect to 10.245.64.45:5696 ... Connected to 10.245.64.45:5696. Unique ID Type Identifier 72B673E8-840B-4AD6-8400-CB77B68D74B5 Template Default template for OGG_EP 76876ABA-B06D-4F35-BF7C-D9306D29764B Symmetric Key -
The next steps are managed within Oracle GoldenGate and are shown as an implementation from the Admin Client.