Encrypting passwords in GoldenGate parameter files on Linux
generate keys, run the keygen command from the GoldenGate software installation home
KEYGEN key length n
Where:
(key length) is the encryption key length
(n) represents the number of keys to generate.
# cd into your goldengate home – oraInventory knows where that is if you don’t and /etc/oraInst.loc will tell you where inventory is…
[oracle@oel66-noDB gg_core122]$ ls key*
keygen
[oracle@oel66-noDB gg_core122]$ ./keygen 128 4
0x06FF5E25511CDD09B5E82324A563F14D
0x07320B60E710C57A123FAE00A6186C28
0x0965B71A7E05AD6B6E95385DA7CDE602
0x0A98635515FA945CCBEBC239A782615D
# create a text file and copy your newly generated keys in – add a key name of your choice pairing to each key
[oracle@oel66-noDB gg_core122]$ vi ENCKEYS
[oracle@oel66-noDB gg_core122]$ cat ENCKEYS
key1 0x06FF5E25511CDD09B5E82324A563F14D
key2 0x07320B60E710C57A123FAE00A6186C28
key3 0x0965B71A7E05AD6B6E95385DA7CDE602
key4 0x0A98635515FA945CCBEBC239A782615D
Copy this ENCKEYS file to all the target servers in the GG home location. The key names and values in all of the ENCKEYS files must be identical, or else the data exchange will fail
[oracle@oel66-noDB gg_core122]$ ./ggsci
Oracle GoldenGate Command Interpreter for Oracle
Version 12.2.0.1.1 OGGCORE_12.2.0.1.0_PLATFORMS_151211.1401_FBO
Linux, x64, 64bit (optimized), Oracle 12c on Dec 12 2015 02:56:48
Operating system character set identified as UTF-8.
Copyright (C) 1995, 2015, Oracle and/or its affiliates. All rights reserved.
GGSCI (oel66-noDB.localdomain) 1> encrypt password gguser1
Expecting either ‘ENCRYPTKEY’ or an encryption algorithm
Give encrypt key name which is specified in ENCKEYS file
GGSCI (oel66-noDB.localdomain) 2> encrypt password gguser1 ENCRYPTKEY key1
Encrypted password: AADBBB…
Algorithm used: AES128
Test connect with this encrypted password
GGSCI (oel66-noDB.localdomain)3> dblogin USERID gguser@MYDB, PASSWORD AADBBB…, encryptkey key1
Successfully logged into database.
GGSCI (oel66-noDB.localdomain) 3> dblogin USERID gguser@MYDB, PASSWORD gguser123
Successfully logged into database.
So you can use this encrypted password in your extract param file
GGSCI (oel66-noDB.localdomain) 4> edit params ext
GGSCI (oel66-noDB.localdomain) 6> view params ext
EXTRACT ext
USERID gguser@MYDB, PASSWORD AADBBB…, encryptkey key1
EXTTRAIL /u01/app/oracle/product/12.1.0/gg_core122/dirdat/lt
…
NOTE: See Oracle Support Doc: (Doc ID 1575452.1) to protect the ENCKEYS file