Creating Credential Store in Oracle Goldengate


About Credential Store


In Oracle Goldengate, Credential Store is similar to a secure locker to keep your Database user ID and encrypted password securely and refer to your login credential with an alias.

You do not have to write the actual user ID and password in the command line and parameter file, which can be seen anyone who has access to those files. You can specify the DB login credential using the alias name.


The Credential Store is implemented as an autologin wallet within the Credential Store Framework (CSF).
Another benefit of using a Credential Store is that multiple Oracle Goldengate installation can use the same one, while keeping control of their own local credentials, You can partitions the credential Store into logical containers, known as Domains, and maintain, For Example, one Domain for each installation of Oracle Goldengate.


 



























Creating Credential Store

The Credential Store is created, by default, in dircrd subdirectory of the Oracle Goldengate installation Directory. However, if you want to keep it in some other directory, then the location can be specified with the CREDENTIALSTORELOCATION parameter in the GLOBALS file.








Steps to Create the Credential Store

1. From the Oracle Goldengate installation Directory, run GGSCI.

2. Issue the following command to create the Credential Store


GGSCI (localhost.localdomain) 14> ADD CREDENTIALSTORE
Credential store created.

GGSCI (localhost.localdomain) 15> INFO CREDENTIALSTORE

Reading from credential store: 

No information found in credential store.

GGSCI (localhost.localdomain) 16>


3. Issue the following command to add each set if credential to the Credential Store


ALTER CREDENTIALSTORE ADD USER userid
[ALIAS alias]
[DOMAIN domain]
[PASSWORD password]

For Example:

GGSCI (localhost.localdomain) 16> ALTER CREDENTIALSTORE add user ogg alias ogguser

Password:

Credential store altered.

GGSCI (localhost.localdomain) 17> INFO CREDENTIALSTORE

Reading from credential store: 

Default domain: OracleGoldenGate

  Alias: ogguser

  Userid: ogg


If you check the dircrd subdirectory, you can see the wallet file created. (As shown below).

GGSCI (localhost.localdomain as ogg@orcl) 19> sh ls -l ./dircrd

total 4

-rw-r-----. 1 oracle oinstall 597 Aug  7 17:30 cwallet.sso

GGSCI (localhost.localdomain as ogg@orcl) 20>


Below is the command example to login to the DB using the alias name:

GGSCI (localhost.localdomain) 18> dblogin useridalias ogguser

Successfully logged into database.

And below is one Extract process parameter file example, which specify the DB login using the alias name.


GGSCI (localhost.localdomain) 52> view param x005
EXTRACT x005
useridalias ogguser
EXTTRAIL ./dirdat/s5
TABLE APP.DEPT;
GGSCI (localhost.localdomain) 53>


No comments:

Post a Comment

Subscribe to: Posts (Atom)