Learn how to encrypt a database password that is to be specified in a command or parameter file.
This method takes a clear-text password as input and produces an obfuscated password string and a lookup key, both of which can then be used in the command or parameter file. This encryption method supports all of the databases that require a login for an Oracle GoldenGate process to access the database.
Depending on the database, you may be able to use a credential store as an alternative to this method. See Managing Identities in a Credential Store.
Copy the encrypted password that you generated with the ENCRYPT PASSWORD command (see Encrypting a Password in a Command or Parameter File), and then paste it into the appropriate Oracle GoldenGate parameter statement or command as shown in Table 11-1. Option descriptions follow the table.
Table 11-1 Specifying Encrypted Passwords in Parameters and Commands
| Purpose of the Password | Parameter or Command to Use |
|---|---|
| Oracle GoldenGate database login (Footnote 1) | USERID user, PASSWORD password, & algorithm ENCRYPTKEY {keyname \| DEFAULT} |
| Oracle GoldenGate database login for Oracle ASM instance | TRANLOGOPTIONS ASMUSER SYS@ASM_instance_name, & ASMPASSWORD password, & algorithm ENCRYPTKEY {keyname \| DEFAULT} |
| Oracle GoldenGate database login for a downstream Oracle mining database | [MININGUSER {/ \| user}[, MININGPASSWORD password]& [algorithm ENCRYPTKEY {key_name \| DEFAULT}]& [SYSDBA]] |
| Password substitution for | DDLOPTIONS DEFAULTUSERPASSWORD password & algorithm ENCRYPTKEY {keyname \| DEFAULT} |
| Oracle TDE shared-secret password | DBOPTIONS DECRYPTPASSWORD password (Footnote 2) algorithm & ENCRYPTKEY {keyname \| DEFAULT} |
| Oracle GoldenGate database login from GGSCI | DBLOGIN USERID user, PASSWORD password, & algorithm ENCRYPTKEY {keyname \| DEFAULT} |
| Oracle GoldenGate database login to a downstream Oracle mining database from GGSCI | MININGDBLOGIN USERID user, PASSWORD password,& algorithm ENCRYPTKEY {keyname \| DEFAULT} |
Footnote 1: Syntax elements required for USERID vary by database type. See Reference for Oracle GoldenGate for more information.

Footnote 2: This is the shared secret.
Where:
user is the database user name for the Oracle GoldenGate process or (Oracle only) a host string. For Oracle ASM, the user must be SYS.
password is the encrypted password that is copied from the ENCRYPT PASSWORD command results.
algorithm specifies the encryption algorithm that was used to encrypt the password: AES128, AES192, AES256, or BLOWFISH. AES128 is the default if the default key is used and no algorithm is specified.
ENCRYPTKEY keyname specifies the logical name of a user-created encryption key in the ENCKEYS lookup file. Use if ENCRYPT PASSWORD was used with the KEYNAME keyname option.
ENCRYPTKEY DEFAULT directs Oracle GoldenGate to use a random key. Use if ENCRYPT PASSWORD was used with the KEYNAME DEFAULT option.
The following are examples of using an encrypted password in parameters and commands:

```
SOURCEDB db1 USERID ogg,&
PASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
AES128, ENCRYPTKEY securekey1

USERID ogg, PASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
BLOWFISH, ENCRYPTKEY securekey1

USERID ogg, PASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
BLOWFISH, ENCRYPTKEY DEFAULT

TRANLOGOPTIONS ASMUSER SYS@asm1, &
ASMPASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
AES128, ENCRYPTKEY securekey1

DBLOGIN USERID ogg, PASSWORD &
AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
AES128, ENCRYPTKEY securekey1

DDLOPTIONS DEFAULTUSERPASSWORD &
AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
AES256 ENCRYPTKEY mykey

DBOPTIONS DECRYPTPASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
AES256 ENCRYPTKEY mykey

DDLOPTIONS PASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
AES256 ENCRYPTKEY mykey
```
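A review check for the statements above, as an added example (not Oracle's code): it joins `&`-continued lines and flags any password clause from Table 11-1 that has no ENCRYPTKEY (so the value may be clear text) or names a key without one of the four listed algorithms. The function names, the `--` comment handling and the sample text are assumptions made for this illustration.

```python
import re

# Keywords and algorithm names as listed in Table 11-1 and the "Where:" notes.
PASSWORD_KEYWORDS = ("PASSWORD", "ASMPASSWORD", "MININGPASSWORD",
                     "DEFAULTUSERPASSWORD", "DECRYPTPASSWORD")
ALGORITHMS = {"AES128", "AES192", "AES256", "BLOWFISH"}

def logical_statements(text):
    """Yield (first_line_number, statement), joining lines that end in '&'."""
    buf, start = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("--", 1)[0].rstrip()  # assumption: '--' starts a comment
        if not line and not buf:
            continue
        start = start or lineno
        buf.append(line[:-1] if line.endswith("&") else line)
        if not line.endswith("&"):
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:  # file ended on a dangling continuation
        yield start, " ".join(buf)

def audit(text):
    """Return (line, keyword, problem) for password clauses that need review."""
    findings = []
    for lineno, stmt in logical_statements(text):
        tokens = [t.upper() for t in re.split(r"[,\s]+", stmt) if t]
        for kw in (k for k in PASSWORD_KEYWORDS if k in tokens):
            if "ENCRYPTKEY" not in tokens:
                findings.append((lineno, kw, "no ENCRYPTKEY, value may be clear text"))
                continue
            key = tokens[tokens.index("ENCRYPTKEY") + 1:][:1]
            if not key:
                findings.append((lineno, kw, "ENCRYPTKEY without a key name"))
            elif key != ["DEFAULT"] and not ALGORITHMS & set(tokens):
                findings.append((lineno, kw, "named key but no recognised algorithm"))
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
SOURCEDB db1 USERID ogg,&
  PASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
  AES128, ENCRYPTKEY securekey1
USERID ogg, PASSWORD ExamplePlainText1  -- constructed clear-text value
DDLOPTIONS DEFAULTUSERPASSWORD &
  AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, &
  AES 256 ENCRYPTKEY mykey
USERID ogg, PASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC, ENCRYPTKEY DEFAULT
"""
```

`audit(SAMPLE)` reports the clear-text clause and the `AES 256` clause, and accepts the last statement because AES128 is the default when the default key is used and no algorithm is given.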