DBA Hub

📋Steps in this guide1/14

Credential Store - Bright DBA

Oracle GoldenGate Security – Credential Store for Database Logins

oracle configurationintermediate
by OracleDba
11 views
1

Overview

Oracle GoldenGate Security – Credential Store for Database Logins 1. Overview
2

Section 2

1. Overview Credential Store - OGG 12.1 New Feature The credential store manages user IDs and their encrypted passwords A Credential Store is a User ID and Password storage mechanism that utilizes the auto login wallet within the Oracle Credential Store Framework to store and encrypt sensitive information, which in turn will be accessed by GoldenGate processes via ALIAS parameters, such as USERIDALIAS and ASMUSERIDALIAS. The Credential Store is created in the default directory dircrd under the Oracle GoldenGate installation directory. We can't change the ALIAS name, if you really want to change then delete and re-create We can create multiple ALIAS names for same userid 2. Login to GoldenGate

Code/Command (click line numbers to comment):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Credential Store - OGG 12.1 New Feature

The credential store manages user IDs and their encrypted passwords

A Credential Store is a User ID and Password storage mechanism that utilizes the auto login wallet within the Oracle Credential Store Framework to store and encrypt sensitive information, which in turn will be accessed by GoldenGate processes via ALIAS parameters, such as USERIDALIAS and ASMUSERIDALIAS.

The Credential Store is created in the default directory dircrd under the Oracle GoldenGate installation directory.

We can't change the ALIAS name, if you really want to change then delete and re-create

We can create multiple ALIAS names for same userid

GGSCI (rac2.rajasekhar.com) 1>
dblogin userid oggadmin, password oggadmin_123
Successfully logged into database.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 2>
3

Section 3

3. Add/Create Credential store <----------- ADD CREDENTIALSTORE <------

Code/Command (click line numbers to comment):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 2>
sh ls -ltr /u01/app/oracle/product/12.3/ogg/dircrd
total 0
<-----------
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 3>
ADD CREDENTIALSTORE
Credential store created.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 4>
sh ls -ltr /u01/app/oracle/product/12.3/ogg/dircrd
total 4
-rw-r-----. 1 oracle oinstall 418 Apr  1 14:31
cwallet.sso
<------
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 5>
4

Section 4

4. Add user to credential store 4.1 Add user to credential store with ALIAS 4. Add user to credential store 4.1 Add user to credential store with ALIAS —- OR —- 4.2 Add user to credential store with domain —- OR —-

Code/Command (click line numbers to comment):

1
2
3
4
5
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 5>
ALTER CREDENTIALSTORE ADD USER oggadmin PASSWORD oggadmin_123 ALIAS ogg
Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 6>
5

Section 5

4.2 Add user to credential store with domain —- OR —- 4.3 Add user with connect string

Code/Command (click line numbers to comment):

1
2
3
4
5
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 9>
ALTER CREDENTIALSTORE ADD USER oggadmin PASSWORD oggadmin_123 ALIAS ogg DOMAIN gg
Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 10>
6

Section 6

5. Info credential store 5.1 Info credential store with ALIAS 5. Info credential store 5.1 Info credential store with ALIAS —- OR —-

Code/Command (click line numbers to comment):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 17>
ALTER CREDENTIALSTORE ADD USER oggadmin@PDEV PASSWORD oggadmin_987 ALIAS oggs
Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 18>

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 6>
INFO CREDENTIALSTORE
Reading from credential store:

Default domain: OracleGoldenGate
Alias: ogg
Userid: oggadmin

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 7>

--- OR ---

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 19>
ALTER CREDENTIALSTORE ADD USER oggadmin PASSWORD oggadmin_987 ALIAS ogg
Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 20>
info CREDENTIALSTORE
Reading from credential store:

Default domain: OracleGoldenGate

Alias: oggs
Userid: oggadmin@PDEV

Alias: ogg
Userid: oggadmin

Other domains:

gg

To view other domains, use INFO CREDENTIALSTORE DOMAIN

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 21>
7

Section 7

—- OR —- 5.2 Info credential store with domain 6. Login to GoldenGate using USERIDALIAS

Code/Command (click line numbers to comment):

1
2
3
4
5
6
7
8
9
10
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 11>
INFO CREDENTIALSTORE DOMAIN gg
Reading from credential store:

Domain: gg

Alias: ogg
Userid: oggadmin

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 12>
8

Section 8

6.1 Login to OGG with ALIAS DBLOGIN USERIDALIAS ogg — OR —

Code/Command (click line numbers to comment):

1
2
3
4
5
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 7>
DBLOGIN USERIDALIAS ogg
Successfully logged into database.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 8>
9

Section 9

6.2 Login to OGG with ALIAS and DOMAIN DBLOGIN USERIDALIAS ogg DOMAIN gg 7. REPLACE USER

Code/Command (click line numbers to comment):

1
2
3
4
5
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 12>
DBLOGIN USERIDALIAS ogg DOMAIN gg
Successfully logged into database.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 13>
10

Section 10

-- Incase of password change at database level due security reasons, then we need to change at GoldenGate level as well alter user oggadmin identified by oggadmin_987; 7.1 Change password at GoldenGate level

Code/Command (click line numbers to comment):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
-- Incase of password change at database level due security reasons, then we need to change at GoldenGate level as well
SQL>
alter user oggadmin identified by oggadmin_987;
User altered.

SQL>

GGSCI (rac2.rajasekhar.com) 1>
DBLOGIN USERIDALIAS ogg
ERROR: Unable to connect to database using user oggadmin. Ensure that the necessary privileges are granted to the user.
OCI Error ORA (status = 1017-ORA-01017: invalid username/password; logon denied
).
GGSCI (rac2.rajasekhar.com) 2>

GGSCI (rac2.rajasekhar.com) 3>
INFO CREDENTIALSTORE
Reading from credential store:

Default domain: OracleGoldenGate

  Alias: ogg
  Userid: oggadmin

GGSCI (rac2.rajasekhar.com) 4>

GGSCI (rac2.rajasekhar.com) 8>
ALTER CREDENTIALSTORE REPLACE USER oggadmin PASSWORD oggadmin_987 ALIAS ogg
Credential store altered.

GGSCI (rac2.rajasekhar.com) 9> DBLOGIN USERIDALIAS ogg
Successfully logged into database.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 10>
11

Section 11

ALTER CREDENTIALSTORE REPLACE USER oggadmin PASSWORD oggadmin_987 ALIAS ogg — OR — 7.2 Change password at GoldenGate level (DOMAIN)

Code/Command (click line numbers to comment):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 14>
INFO CREDENTIALSTORE DOMAIN gg
Reading from credential store:

Domain: gg

  Alias: ogg
  Userid: oggadmin

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 15>
ALTER CREDENTIALSTORE REPLACE USER oggadmin PASSWORD oggadmin_987 ALIAS ogg DOMAIN gg
Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 16>
DBLOGIN USERIDALIAS ogg DOMAIN gg
Successfully logged into database.
GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 17>
12

Section 12

INFO CREDENTIALSTORE DOMAIN gg ALTER CREDENTIALSTORE REPLACE USER oggadmin PASSWORD oggadmin_987 ALIAS ogg DOMAIN gg DBLOGIN USERIDALIAS ogg DOMAIN gg 8. Delete user 8.1 Delete user with ALIAS or default 8. Delete user 8.1 Delete user with ALIAS or default
13

Section 13

ALTER CREDENTIALSTORE DELETE USER ogg — OR — 8.2 Delete user with ALIAS and DOMAIN

Code/Command (click line numbers to comment):

1
2
3
4
5
GGSCI (rac2.rajasekhar.com) 18>
ALTER CREDENTIALSTORE DELETE USER ogg
Credential store altered.

GGSCI (rac2.rajasekhar.com) 19>
14

Section 14

ERROR: Credential domain 'OracleGoldenGate' not found in credential store. ALTER CREDENTIALSTORE DELETE USER ogg DOMAIN gg Caution: Your use of any information or materials on this website is entirely at your own risk. It is provided for educational purposes only. It has been tested internally, however, we do not guarantee that it will work for you. Ensure that you run it in your test environment before using. Caution: Your use of any information or materials on this website is entirely at your own risk. It is provided for educational purposes only. It has been tested internally, however, we do not guarantee that it will work for you. Ensure that you run it in your test environment before using.

Code/Command (click line numbers to comment):

1
2
3
4
5
6
7
8
GGSCI (rac2.rajasekhar.com) 15>
ALTER CREDENTIALSTORE DELETE USER ogg
ERROR: Credential domain 'OracleGoldenGate' not found in credential store.
GGSCI (rac2.rajasekhar.com) 16>
ALTER CREDENTIALSTORE DELETE USER ogg DOMAIN gg
Credential store altered.

GGSCI (rac2.rajasekhar.com) 17>

Comments (0)

Please to add comments

No comments yet. Be the first to comment!