7.1 What is a Key Management Service?
A Key Management Service (KMS) is a utility that centralizes the management of encryption keys.
Oracle GoldenGate Microservices Architecture supports KMS to provide scalability in managing encryption keys and credentials along with security such that the key isn't stored or managed by Oracle GoldenGate.
The Oracle GoldenGate key uses the encapsulation approach to encrypt trail files. It generates a data encryption key (DEK) for each trail file, known as local key. An encrypted version of the local key is included in the trail file header and a master key is used to encrypt the data encryption key. This process is called encapsulation encryption.
In Oracle GoldenGate, a KMS can be used to manage cryptographic keys within an enterprise.
Topics:
- Why Use KMS to Store Oracle GoldenGate Encryption Keys?
Oracle GoldenGate encryption of trail files is enhanced by using Oracle Key Vault as the Key Management Service (KMS) to store master keys. - Oracle Key Vault Capabilities
Oracle GoldenGate supports Oracle Key Vault.