7.2.2 Prerequisites for Configuring OKV on Oracle GoldenGate

Learn the prerequisites for setting up OKV with Oracle GoldenGate.

The following steps belong to the OKV configuration on the machine where the Oracle GoldenGate instance is running:

1. Download the okvrestservices.jar from the OKV server, where Oracle GoldenGate is deployed as the same system user as the deployment.

2. Download and install the endpoint file, okvclient.jar from the OKV server, where Oracle GoldenGate is deployed as the same system user as the deployment. For example,

   OS> java -jar okvclient.jar -d /u01/app/oracle/OKV

3. Create the key. The name of the wallet is provided by the OKV administrator. The following example show how the key is created:

   OS> java -jar okvrestservices.jar kmip 
           --config /u01/app/oracle/OKV/conf/okvclient.ora
           --service create_key 
           --algorithm AES 
           --length 256 
           --mask "ENCRYPT,DECRYPT,TRANSLATE_ENCRYPT,TRANSLATE_DECRYPT,TRANSLATE_WRAP,TRANSLATE_UNWRAP" 
           --wallet OKV_WALLET76876ABA-B06D-4F35-BF7C-D9306D29764B

   Alternatively, you can register your own key, as shown in the following example:

   OS>java -jar okvrestservices.jar kmip 
               --config ./conf/okvclient.ora --service reg_key -ENCRYPT,DECRYPT,TRANSLATE_ENCRYPT,TRANSLATE_DECRYPT,TRANSLATE_WRAP,TRANSLATE_UNWRAP 
               --wallet OGG_WALLET 
               --object /u01/key.txt64B3AAD0-BE77-1821-E053-0100007FD178

4. Set the OKV_HOME environment variable.

   OS> setenv OKV_HOME /u01/app/oracle/OKV

   The sub-directory structure contains the necessary libraries, binaries, and configuration files for the OKV environment. See Install OKV Software Onto Endpoint in the Oracle Key Vault Administration Guide for details about the configuration within the OKV server.

5. Activate the key as shown in the following example:

   OS> java -jar okvrestservices.jar kmip 
               --config /u01/app/oracle/OKV/conf/okvclient.ora
               --service activate 
               --uid 76876ABA-B06D-4F35-BF7C-D9306D29764B
   INFO: Success

6. Add the Oracle GoldenGate related key attributes (KeyName, KeyVersion) to the configuration. The key name must match the master keyname in the KMS encryption profile created within Oracle GoldenGate. The key value must match the version number of the masterkey.

   OS> java -jar okvrestservices.jar kmip 
               --config /u01/app/oracle/OKV/conf/okvclient.ora
               --service add_custom_attr 
               --uid 76876ABA-B06D-4F35-BF7C-D9306D29764B 
               --attribute x-OGG-KeyName 
               --type TEXT 
               --value OGG_Masterkey 
   INFO: Success

   OS> java -jar okvrestservices.jar kmip 
               --config /u01/app/oracle/OKV/conf/okvclient.ora
               --service add_custom_attr 
               --uid 76876ABA-B06D-4F35-BF7C-D9306D29764B 
               --attribute x-OGG-KeyVersion 
               --type TEXT 
               --value 1
   INFO: Success

7. Use okvutil to list the configuration setting and check the endpoint status. As shown in the following example:

   OS>okvutil list -v 4
   okvutil version 18.2.0.0.0
   Endpoint type: Oracle (non-database)
   Configuration file: /u01/app/oracle/OKV/conf/okvclient.ora
   Server: 10.245.64.45:5696 10.245.64.46:5696
   Standby Servers:Read Servers: 10.245.64.48:5696
   Auto-login wallet found, no password needed
   Trying to connect to 10.245.64.45:5696 ...
   Connected to 10.245.64.45:5696.
   Unique ID Type Identifier
   72B673E8-840B-4AD6-8400-CB77B68D74B5 Template Default template for OGG_EP
   76876ABA-B06D-4F35-BF7C-D9306D29764B Symmetric Key -

The next steps are managed within Oracle GoldenGate and are shown as an implementation from the Admin Client.