The Credential Store is a new 12c security feature in GoldenGate that has been implemented as an autologin wallet in Oracle’s Credential Store Framework. User IDs and passwords are encrypted in the store and, as a result, an encryption key in the connection string is no longer needed.
The default location of the store is in the ./dircrd directory of the GoldenGate software home. If you want to change the location, you can edit the ./GLOBALS file with the following CREDENTIALSTORELOCATION parameter.
    GGSCI> edit params ./GLOBALS
    CREDENTIALSTORELOCATION /home/oracle/ggs/dircrd
You must exit and restart ggsci before proceeding or the file will be created in the default location.
    GGSCI> exit
    $ ./ggsci
    GGSCI> add credentialstore
    Credential store created in /home/oracle/ggs/dircrd/.
    GGSCI> exit
    $ ls /home/oracle/ggs/dircrd
    cwallet.sso
Once the credential store has been created, users and passwords can be added to it. One of the key features of the store is the use of domains, which logically group login aliases. The same alias can be defined in different domains with different credentials. This can be handy when developing and testing in different database environments from the same GoldenGate installation. The default domain is “Oracle GoldenGate”.
In this example, the user c##ggsadmin is added to the store in the “test” domain. If the “password” keyword is omitted, GoldenGate will prompt for the password and hide it from the output.
    GGSCI> alter credentialstore add user c##ggsadmin, alias ggsadm, domain test
    Password:
    Credential store in /home/oracle/ggs/dircrd/ altered.
If you want to see the information maintained in the store, you can use the INFO CREDENTIALSTORE command. If you don’t specify the domain, it will default to “Oracle GoldenGate”. As you can see below, the default domain is still empty.
    GGSCI> info credentialstore
    Reading from /home/oracle/ggs/dircrd/:
    No information found in credential store.
    GGSCI> info credentialstore domain test
    Reading from /home/oracle/ggs/dircrd/:
    Domain: test
    Alias: ggsadm
    Userid: c##ggsadmin
In older versions of GoldenGate, you had to supply the username and password, in plain text or encrypted, for your login credentials.
Using DBLOGIN at the command line.
    GGSCI> DBLOGIN USERID c##ggsadmin@orcl, PASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC AES128, ENCRYPTKEY securekey1
    Successfully logged into database CDB$ROOT.
Using credentials in the parameter files.
    GGSCI> edit params e1aa
    EXTRACT e1aa
    USERID c##ggsadmin@orcl, PASSWORD AACAAAAAAAAAAAJAUEUGODSCVGJEEIUGKJDJTFNDKEJFFFTC AES128, ENCRYPTKEY securekey1
    LOGALLSUPCOLS
    EXTTRAIL ./dirdat/aa
    TABLE pdborcl.scott.emp;
    TABLE pdborcl.scott.dept;
    SOURCECATALOG pdborcl
    TABLE scott.bonus;
    TABLE scott.salgrade;
In 12c, the credential store secures the information and makes the connection much easier through the use of the alias that was created.
Using DBLOGIN at the command line.
    GGSCI> dblogin useridalias ggsadm domain test
    Successfully logged into database CDB$ROOT.
Using credentials in the parameter files.
    GGSCI> edit params e1aa
    EXTRACT e1aa
    USERIDALIAS ggsadm domain test
    LOGALLSUPCOLS
    EXTTRAIL ./dirdat/aa
    TABLE pdborcl.scott.emp;
    TABLE pdborcl.scott.dept;
    SOURCECATALOG pdborcl
    TABLE scott.bonus;
    TABLE scott.salgrade;
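When moving existing parameter files to the credential store, it helps to find every file that still embeds a USERID/PASSWORD clause. The following Python audit is an added example, not code from the original post or from Oracle. It classifies the login statements in parameter-file text. The sample files, the finding labels and the function names are constructed for illustration, and it assumes `&` line continuation and `--` comment lines.

```python
import re

USERID_RE = re.compile(r"^USERID\s+(?P<user>[^,\s]+)(?P<rest>.*)$", re.I)
ALIAS_RE = re.compile(r"^USERIDALIAS\s+(?P<alias>[^,\s]+)(?:[,\s]+DOMAIN\s+(?P<domain>\S+))?", re.I)
DEFAULT_DOMAIN = "Oracle GoldenGate"  # default domain named in the article

# Constructed samples modelled on the article's e1aa parameter file.
LEGACY = """EXTRACT e1aa
USERID c##ggsadmin@orcl, PASSWORD <encrypted-value> AES128, ENCRYPTKEY securekey1
"""
MIGRATED = """EXTRACT e1aa
-- credentials now come from the credential store
USERIDALIAS ggsadm domain test
"""
CONTINUED = "REPLICAT r1aa\nUSERID gg_user, &\n  PASSWORD example-secret\n"

def logical_lines(text):
    """Yield (first_line_no, statement); joins '&' continuations, skips comments."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("--")):
            continue
        start = start or no
        buf.append(line.rstrip("&").strip())
        if not line.endswith("&"):
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:
        yield start, " ".join(buf)

def audit_params(text):
    """Return (line_no, kind, name, domain) for every login statement found."""
    findings = []
    for no, stmt in logical_lines(text):
        if m := USERID_RE.match(stmt):
            if not re.search(r"\bPASSWORD\b", m["rest"], re.I):
                kind = "userid-without-password"
            elif re.search(r"\bENCRYPTKEY\b", m["rest"], re.I):
                kind = "embedded-encrypted-password"
            else:  # assumption: no ENCRYPTKEY clause means the password is plain text
                kind = "embedded-plaintext-password"
            findings.append((no, kind, m["user"], None))
        elif m := ALIAS_RE.match(stmt):
            findings.append((no, "credential-store-alias", m["alias"], m["domain"] or DEFAULT_DOMAIN))
    return findings

if __name__ == "__main__":
    print(audit_params(LEGACY), audit_params(MIGRATED), audit_params(CONTINUED))
```

Any finding whose kind starts with `embedded-` marks a file that still carries its own credentials and is a candidate for conversion to USERIDALIAS.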