9 Managing Identities in a Credential Store
Learn how to use an Oracle GoldenGate credential store to maintain encrypted database passwords and user IDs and associate them with an alias.
It is the alias, not the actual user ID or password, that is specified in a command or parameter file, and no user input of an encryption key is required. The credential store is implemented as an autologin wallet within the Oracle Credential Store Framework (CSF).
Another benefit of using a credential store is that multiple installations of Oracle GoldenGate can use the same one, while retaining control over their local credentials. You can partition the credential store into logical containers known as domains, for example, one domain per installation of Oracle GoldenGate. Domains enable you to develop one set of aliases (for example ext
for Extract, rep
for Replicat) and then assign different local credentials to those aliases in each domain. For example, credentials for user ogg1
can be stored as ALIAS ext
under DOMAIN system1
, while credentials for user ogg2
can be stored as ALIAS ext
under DOMAIN system2
.
The credential store security feature is not supported on the DB2 for i, DB2 z/OS, and NonStop platforms. For those platforms and any other supported platforms, see Encrypting a Password in a Command or Parameter File.
Topics:
Parent topic: Common Security Features
9.1 Creating and Populating the Credential Store
Parent topic: Managing Identities in a Credential Store
9.2 Specifying the Alias in a Parameter File or Command
The following commands and parameters accept an alias as substitution for a login credential.
Table 9-1 Specifying Credential Aliases in Parameters and Commands
Purpose of the Credential | Parameter or Command to Use |
---|---|
Oracle GoldenGate database login. |
USERIDALIAS |
Oracle GoldenGate database login for Oracle ASM instance. |
TRANLOGOPTIONS ASMUSERALIAS |
Oracle GoldenGate database login for a downstream Oracle mining database. |
TRANLOGOPTIONS MININGUSERALIAS |
Password substitution for |
DDLOPTIONS DEFAULTUSERPASSWORDALIAS |
Oracle GoldenGate database login from GGSCI. |
DBLOGIN USERIDALIAS |
Oracle GoldenGate database login to a downstream Oracle mining database from GGSCI. |
MININGDBLOGIN USERIDALIAS |
Parent topic: Managing Identities in a Credential Store