Configure the required policies to enable secure Vault and Secrets
access, such as use secrets, use vaults, and read secret-bundles. For more
information, see Minimum recommended policies.
Create the connection
To create a connection to Apache Iceberg:
From the OCI GoldenGate Overview page, click
Connections.
You can also click Create Connection under the
Get started section and skip to step 3.
On the Connections page, click Create Connection.
On the Create Connection page, complete the fields as follows:
For Name, enter a name for the connection.
(Optional) For Description, enter a description that helps
you distinguish this connection from others.
(For GoldenGate on Multicloud only) Select your Subscription, and
then complete the following fields.
From the Compartment dropdown, select the compartment in
which the Resource Anchor resides.
Select the Multicloud partner region.
Select your Partner availability zone. The available options
populate based on the selected Multicloud partner region.
For Compartment, select the compartment in which to create
the connection.
For Type, under Big Data, select Apache Iceberg.
Select a Catalog type from the dropdown, and then complete the
relevant catalog fields:
For Glue, enter the Glue ID.
For Hadoop, no additional information is needed.
For Nessie, specify:
URI: Enter the Nessie catalog URI.
Branch: Enter the active branch name from
which Nessie reads and write table metadata.
For Polaris, specify:
URI: Enter the Polaris catalog URI.
Name: Enter the name in which Polaris registers
Iceberg tables.
Client ID: Enter the OAuth client ID to use for
authentication.
Client secret: Select the client secret, or click
Create client secret to create a new one. If
you choose to create a new client secret, provide the
following information:
Name
(Optional) Description
Select the Compartment in which the
properties secret resides.
Select the Vault in which to store the
properties secret.
Select the Encryption key to use.
Enter the User Password, then confirm the
User Password.
Principal role: Enter the Snowflake role used to
access Polaris.
For Rest, specify:
URI: Enter the base URL for the REST catalog
API.
Properties Secret: Select the properties secret,
or click Create properties secret to create a new
one. If you choose to create a new properties secret,
provide the following information:
Name
(Optional) Description
Select the Compartment in which the
properties secret resides.
Select the Vault in which to store the
properties secret.
Select the Encryption key to use.
Upload the Properties secret ID.
Select a Storage type from the dropdown, and then complete the
relevant storage fields:
Expand Show advanced options. You can configure the following
options:
Security
Deselect Use vault secrets if you prefer not to use
password secrets for this connection. If not selected:
Select Use Oracle-managed encryption key to leave
all encryption key management to Oracle.
Select Use customer-managed encryption key to select
a specific encryption key stored in your OCI Vault to encrypt your
connection credentials.
Network connectivity
Shared endpoint, to share an endpoint
with the assigned deployment. You must allow connectivity from the
deployment's ingress IP.
Dedicated endpoint, for network
traffic through a dedicated endpoint in the assigned subnet in your VCN. You
must allow connectivity from this connection's ingress IPs.
Note:
If a dedicated connection remains unassigned for seven
days, then the service converts it to a shared connection.
After the connection is created, it appears in the Connection list. Ensure that you
assign the connection to a deployment to use it in a data replication process.
Known issues
Issue with Apache Iceberg connections in OCI GoldenGate
If you encounter the following error when using Apache Iceberg
connections, then open a support ticket, share the details and error
message:
ERROR 2025-07-08 13:34:09.000481 [main] - Parameter [awsSecretKey] is missing in the
connection payload. Parameter [awsSecretKey] is missing in the connection payload.