1. Oracle GoldenGate Microservices Documentation
  2. Prepare
  3. Prepare Oracle GoldenGate
  4. Configure Secure Database Connections from Oracle GoldenGate

Configure Secure Database Connections from Oracle GoldenGate

To specify a database connection string in a secure manner while configuring Oracle GoldenGate connections to any of the supported databases, the following options are available:

  • Include the USERIDALIAS option in the Extract and Replicat parameter files

  • Set up a connection using TCP or Bequeath protocols

Important:

For Oracle database, it is recommended that you use the TCP or Bequeath protocols with Oracle GoldenGate to be able to use features such as efficient DDL notification. Avoid using the IPC protocol as there are intermittent issues with using this protocol. For details, see Table DDL Change Notification in the Oracle Database Development Guide

Security Options for Specifying the Connection String in the Extract and Replicat Parameter Files

The following are the security options for specifying the connection string in the Extract or Replicat parameter file.

Credential store method:

USERIDALIAS ggeast

In the case of USERIDALIAS, the alias ggeast is stored in the Oracle GoldenGate credential store with the actual connection string. The following example uses the INFO CREDENTIALSTORE command to display the details of the credentials configured in Oracle GoldenGate: 

INFO CREDENTIALSTORE DOMAIN OracleGoldenGate

Output:

Domain: OracleGoldenGate
  Alias: ggeast
  Userid: ggadmin@dc1.example.com:1521/DBEAST.example.com

Setting up a Bequeath connection

Valid for Oracle database.

Oracle GoldenGate can connect to a database instance without using the network listener if a Bequeath connect descriptor is added in the tnsnames.ora.

The following example shows the configuration for connecting to a database using Bequeath connect descriptor:

dbbeq =  (DESCRIPTION=   
      (ADDRESS=(PROTOCOL=beq)     
          (ENVS='ORACLE_SID=sales,ORACLE_HOME=/app/db_home/oracle,LD_LIBRARY_PATH=/app/db_home/oracle/lib')     
          (PROGRAM=/app/db_home/oracle/bin/oracle)     
      (ARGV0=oraclesales)     
      (ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))   
        (CONNECT_DATA=(SID=sales)))

In this example:

/app/db_home is the target Oracle database installation directory

sales is the database service name

The ORACLE_SID, ORACLE_HOME, and LD_LIBRARY_PATH in the ENVS parameter refers to the target.

Note:

Make sure that there is no white space between these environment variable settings.

Setting up a TCP connection

For Oracle database, you can configure connect description in the tnsnames.ora file for setting up a TCP connection and save it in the credentials store in Oracle GoldenGate. The following example shows the tnsnames.ora file with the TCP connect descriptor: 

##tnsnames.ora file sample for database host DBEAST
cdb23_root  = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBEAST)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=rdbms.oracle.com)))
cdb23_pdb0  = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBEAST)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=cdb1_pdb0.rdbms.oracle.com)))
cdb23_pdbeast  = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBEAST)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=cdb1_pdbeast.rdbms.oracle.com)))
cdb23_pdbwest  = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBEAST)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=cdb1_pdbwest.rdbms.oracle.com)))

To configure additional security options using sqlnet.ora, see Connecting to a Database Using Strong Authentication