Oracle Goldengate – Database Password Encryption

Goldengate allows to encrypt the database password in the parameter files using “ENCRYPT PASSWORD” command.

Below is the demonstration of encrypting the database password in Goldengate parameter files.

1. Go to Goldengate Home and generated encryption keys

gguser@appnode1:/app/goldengate/oracle/OGG # ./keygen 128 1
 0x154A91DC6165F780347XFXFXFC0C35E2
 
 gguser@appnode1:/app/goldengate/oracle/OGG # vi ENCKEYS
 ##KeyName KeyValue
 GoldenUserKey 0x154A91DC6165F780347XFXFXFC0C35E2
 
 chmod 400 ENCKEYS

2. Encrypt the Goldengate database user password

GGSCI (appnode1) 2> ENCRYPT PASSWORD <goldengate_password> AES128 ENCRYPTKEY GoldenUserKey
 Encrypted password: AADAAAAAAAAAAAKASEJHLIZIEDXEZDZDAIUHSHMBNDRDSBDJAASHSGUDZESGHBPIDFPJTASAUCUHJGYE
 Algorithm used: AES128

3. Use the encrypted password in the parameter files.

EXTRACT EXRA1SCM
 SETENV (ORACLE_HOME="/ORACLE/app/oracle/product/11.2.0/dbhome_2")
 SETENV (NLS_LANG = "AMERICAN_AMERICA.AL32UTF8")
 -- Userid credentials to login into database
 userid ggadm@mydatabase1 , password AADAAAAAAAAAAAKASEJHLIZIEDXEZDZDAIUHSHMBNDRDSBDJAASHSGUDZESGHBPIDFPJTASAUCUHJGYE, AES128, ENCRYPTKEY GoldenUserKey

Note: For easy maintenance during password rotation, it is better to have the login credentials in separate file and have that file included in the parameter files so that there would be only file to modified.

Advertisements

#aes128, #aes192, #aes256, #enckeys, #encryption, #extract, #ggsci, #goldengate, #keygen, #oracle, #oracle-goldengate, #password, #password-encryption, #pump, #replicat