1. Oracle GoldenGate Security Guide
  2. Common Security Features
  3. Managing Encryption Using a Key Management Service in Oracle GoldenGate
  4. What is a Key Management Service?
  5. Why Use KMS to Store Oracle GoldenGate Encryption Keys?

7.1.1 Why Use KMS to Store Oracle GoldenGate Encryption Keys?

Oracle GoldenGate encryption of trail files is enhanced by using Oracle Key Vault as the Key Management Service (KMS) to store master keys.

Key management refers to managing cryptographic keys within an enterprise. It deals with generating, exchanging, storing, using, and replacing keys as required. A KMS also includes key servers, user procedures, and protocols. The security of the enterprise is dependent upon successful key management.

The advantages of using KMS with Oracle GoldenGate are:

  • Centralized lifecycle management of master keys. You'll be able to generate and upload master keys to Oracle Key Vault directly using custom attributes and perform lifecycle maintenance tasks within the KMS directly.

  • Oracle GoldenGate doesn't need to store the master keys locally and is not involved in the lifecycle management of the master keys.

  • Oracle GoldenGate can leverage from the specialized KMS features that provide key management with several layers of security.

Parent topic: What is a Key Management Service?