DELETE MASTERKEY

Use the DELETE MASTERKEY command to mark a version of a master key for deletion. Routinely deleting older versions of a master key ensures that they cannot be used maliciously.

The OPEN WALLET command must be used before using this command or any of the commands that add or renew the master keys or purge the wallet.

To view the version of a master key, use the INFO MASTERKEY command.

This command marks a version for deletion but does not physically remove it from the wallet. To remove the master key version permanently, see PURGE WALLET.

Note:

For Oracle GoldenGate deployments using a shared wallet, the older versions of the master key should be retained after the master key is renewed until all processes are using the newest version. The time to wait depends on the topology, latency, and data load of the deployment. A minimum wait of 24 hours is a conservative estimate, but you may need to perform testing to determine how long it takes for all processes to start using a new key. To determine whether all of the processes are using the newest version, view the report file of each Extract immediately after renewing the master key to confirm the last SCN that was mined with the old key. Then, monitor the Replicat report files to verify that this SCN was applied by all Replicat groups. At this point, you can delete the older versions of the master key.

See UNDELETE MASTERKEY to reverse a deletion made by DELETE MASTERKEY.

Once a version number is used, the wallet reserves it forever, and no other key of the same version can be generated. For example, you cannot mark version 2 of a key for deletion, then purge the wallet to remove it, and then issue RENEW MASTERKEY to add a version 2 again. Even though only version 1 of the key remains in the wallet after the purge, the renewal generates version 3, not version 2.

The use of a wallet and master key is not supported for the NonStop platforms.

Syntax

DELETE MASTERKEY
{VERSION version | RANGE FROM begin_value TO end_value | ALL}

VERSION version

Specifies a single version to be marked for deletion.

RANGE FROM begin_value TO end_value

Specifies a range of versions to be marked for deletion. The versions must be contiguous. For example, specifying RANGE FROM 3 TO 6 marks versions 3, 4, 5, and 6.

ALL

Marks all versions of the master key for deletion, including the currently active one. When this option is used, it should always be followed by a RENEW MASTERKEY command to create a new, current version of the master key.

Examples

This command marks one version of the master key for deletion and returns a message similar to the one shown.

DELETE MASTERKEY VERSION 10
Version 10 of Masterkey 'OGG_DEFAULT_MASTERKEY' deleted from wallet at location './dirwlt'.

This command marks versions 3, 4, 5, and 6 for deletion and returns a message similar to the one shown.

DELETE MASTERKEY RANGE FROM 3 TO 6

Example: Admin Client


DELETE MASTERKEY ALL
2019-11-21T19:38:08Z  INFO OGG-06148  Version 1 of master key 'OGG_DEFAULT_MASTERKEY' in Oracle Wallet was deleted.
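
The following is an added example, not part of the Oracle documentation: a small Python planner that applies the shared-wallet note and the RANGE rule above, emitting DELETE MASTERKEY commands for superseded versions only once every Replicat group has applied the last SCN mined with the old key. It assumes the highest version number is the current key and that a RANGE may not span version numbers missing from the wallet; the group names, SCNs and version list are constructed sample values.

```python
# Added example: plan DELETE MASTERKEY commands for superseded key versions.
# Assumptions (not from the product): the highest version is the current key,
# and a RANGE must not span version numbers that are absent from the wallet.


def contiguous_runs(versions):
    """Group version numbers into (first, last) runs that contain no gaps."""
    runs = []
    for v in sorted(set(versions)):
        if runs and v == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], v)
        else:
            runs.append((v, v))
    return runs


def lagging_replicats(last_old_key_scn, replicat_applied_scn):
    """Replicat groups that have not yet applied the last SCN mined with the old key."""
    return sorted(g for g, scn in replicat_applied_scn.items()
                  if scn < last_old_key_scn)


def plan_deletion(wallet_versions, last_old_key_scn, replicat_applied_scn):
    """Return DELETE MASTERKEY commands for every version except the newest.

    Raises RuntimeError while any Replicat group still needs an old version.
    """
    behind = lagging_replicats(last_old_key_scn, replicat_applied_scn)
    if behind:
        raise RuntimeError("old key versions still needed by: " + ", ".join(behind))
    if not wallet_versions:
        return []
    current = max(wallet_versions)
    old = [v for v in wallet_versions if v != current]
    commands = []
    for first, last in contiguous_runs(old):
        if first == last:
            commands.append(f"DELETE MASTERKEY VERSION {first}")
        else:
            commands.append(f"DELETE MASTERKEY RANGE FROM {first} TO {last}")
    return commands


if __name__ == "__main__":
    # Constructed state: versions 4 and 7 were purged earlier, leaving gaps,
    # because purged version numbers are never reissued.
    versions = [1, 2, 3, 5, 6, 8]
    applied = {"REP1": 5120344, "REP2": 5120901}  # hypothetical groups and SCNs
    for cmd in plan_deletion(versions, 5120300, applied):
        print(cmd)
```

The SCN values fed to the planner come from the Extract and Replicat report files as described in the note; the emitted commands still require OPEN WALLET first.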