Credential Store

Oracle GoldenGate Security – Credential Store for Database Logins

Table of Contents

___________________________________________________________________________________________________

1. Overview
2. Login to GoldenGate
3. Add/Create Credential store
4. Add user to credential store
   4.1 Add user to credential store with ALIAS
       --- OR ---
   4.2 Add user to credential store with domain
       --- OR ---
   4.3 Add user with connect string
5. Info credential store
   5.1 Info credential store with ALIAS
   5.2 Info credential store with domain
6. Login to GoldenGate
   6.1 Login to OGG with USERIDALIAS
       --- OR ---
   6.2 Login to OGG with USERIDALIAS and DOMAIN
7. REPLACE USER
   7.1 Change password at GoldenGate level (ALIAS)
       --- OR ---
   7.2 Change password at GoldenGate level (DOMAIN)
8. DELETE user
   8.1 Delete user with ALIAS or default
       --- OR ---
   8.2 Delete user with ALIAS and DOMAIN

___________________________________________________________________________________________________


1. Overview

Credential Store - OGG 12.1 New Feature

The credential store manages user IDs and their encrypted passwords.

A credential store is a user ID and password storage mechanism that uses the auto-login wallet within the Oracle Credential Store Framework to store and encrypt sensitive information. GoldenGate processes then access the stored logins through ALIAS parameters such as USERIDALIAS and ASMUSERIDALIAS.

The credential store is created in the default directory dircrd under the Oracle GoldenGate installation directory.

An ALIAS name cannot be changed; to rename one, delete it and re-create it.

Multiple ALIAS names can be created for the same user ID.


2. Login to GoldenGate

GGSCI (rac2.rajasekhar.com) 1> dblogin userid oggadmin, password oggadmin_123
Successfully logged into database.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 2> 


3. Add/Create Credential store

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 2>  sh ls -ltr /u01/app/oracle/product/12.3/ogg/dircrd

total 0  <-----------

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 3>  ADD CREDENTIALSTORE

Credential store created.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 4>  sh ls -ltr /u01/app/oracle/product/12.3/ogg/dircrd

total 4
-rw-r-----. 1 oracle oinstall 418 Apr  1 14:31 cwallet.sso <------

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 5> 


4. Add user to credential store

4.1 Add user to credential store with ALIAS

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 5> ALTER CREDENTIALSTORE ADD USER oggadmin PASSWORD oggadmin_123 ALIAS ogg

Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 6>

--- OR ---

4.2 Add user to credential store with domain

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 9> ALTER CREDENTIALSTORE ADD USER oggadmin PASSWORD oggadmin_123 ALIAS ogg DOMAIN gg

Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 10>

--- OR ---


4.3 Add user with connect string

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 17> ALTER CREDENTIALSTORE ADD USER oggadmin@PDEV PASSWORD oggadmin_987 ALIAS oggs

Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 18> 


5. Info credential store

5.1 Info credential store with ALIAS

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 6> INFO CREDENTIALSTORE

Reading from credential store:

Default domain: OracleGoldenGate

 Alias: ogg
Userid: oggadmin

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 7>

--- OR ---

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 19> ALTER CREDENTIALSTORE ADD USER oggadmin PASSWORD oggadmin_987 ALIAS ogg

Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 20> info CREDENTIALSTORE

Reading from credential store:

Default domain: OracleGoldenGate

Alias: oggs
Userid: oggadmin@PDEV

Alias: ogg
Userid: oggadmin

Other domains:

gg

To view other domains, use INFO CREDENTIALSTORE DOMAIN

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 21>

--- OR ---


5.2 Info credential store with domain

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 11> INFO CREDENTIALSTORE DOMAIN gg

Reading from credential store:

Domain: gg

Alias: ogg
Userid: oggadmin

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 12>


6. Login to GoldenGate using USERIDALIAS


6.1 Login to OGG with ALIAS

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 7> DBLOGIN USERIDALIAS ogg
Successfully logged into database.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 8>

— OR —


6.2 Login to OGG with ALIAS and DOMAIN

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 12> DBLOGIN USERIDALIAS ogg DOMAIN gg
Successfully logged into database.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 13>
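
Once logins work through USERIDALIAS, it is worth checking that no parameter file still carries an inline USERID ... PASSWORD and that the cwallet.sso created in section 3 is not readable by other local accounts. The script below is an added example, not part of the original post; it assumes parameter files live in dirprm/*.prm next to dircrd, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes parameter files live in
# <OGG_HOME>/dirprm/*.prm and the wallet in <OGG_HOME>/dircrd/cwallet.sso.
# Function names are hypothetical.

# Print "file:line" for each non-comment parameter line that still uses
# USERID ... PASSWORD instead of USERIDALIAS. Only the location is printed,
# so the password itself is never echoed to the terminal or a log.
find_inline_logins() {
    for prm in "$1"/dirprm/*.prm; do
        [ -f "$prm" ] || continue
        grep -inE '(^|[[:space:],])USERID[[:space:]]+[^[:space:]]+.*PASSWORD[[:space:]]' "$prm" |
            grep -vE '^[0-9]+:[[:space:]]*--' |
            while IFS=: read -r lineno rest; do
                printf '%s:%s\n' "$prm" "$lineno"
            done
    done
}

# Succeed only if cwallet.sso exists and grants no permission bits to "other".
# An auto-login wallet opens without a password, so file permissions are
# what keeps the stored logins away from other local accounts.
wallet_is_private() {
    wallet=$1/dircrd/cwallet.sso
    [ -f "$wallet" ] || return 1
    other_bits=$(ls -ld "$wallet" | cut -c8-10)
    [ "$other_bits" = "---" ]
}

# Report both findings; return 1 if anything needs attention.
audit_ogg_home() {
    rc=0
    hits=$(find_inline_logins "$1")
    if [ -n "$hits" ]; then
        echo "USERID/PASSWORD still in parameter files (move to USERIDALIAS):"
        echo "$hits"
        rc=1
    fi
    if ! wallet_is_private "$1"; then
        echo "dircrd/cwallet.sso is missing or accessible to other users"
        rc=1
    fi
    return $rc
}

# Run the audit when an OGG home is given, e.g. sh audit.sh /u01/app/oracle/product/12.3/ogg
if [ -n "${1:-}" ]; then audit_ogg_home "$1"; fi
```

The -rw-r----- mode shown in section 3 passes the wallet check; a mode such as 644 does not.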


7. REPLACE USER

-- If the password is changed at the database level for security reasons, it must be changed at the GoldenGate level as well.

SQL> alter user oggadmin identified by oggadmin_987;

User altered.

SQL>


7.1 Change password at GoldenGate level

GGSCI (rac2.rajasekhar.com) 1> DBLOGIN USERIDALIAS ogg
ERROR: Unable to connect to database using user oggadmin. Ensure that the necessary privileges are granted to the user.
OCI Error ORA (status = 1017-ORA-01017: invalid username/password; logon denied
).

GGSCI (rac2.rajasekhar.com) 2>

GGSCI (rac2.rajasekhar.com) 3> INFO CREDENTIALSTORE

Reading from credential store:

Default domain: OracleGoldenGate

  Alias: ogg
  Userid: oggadmin

GGSCI (rac2.rajasekhar.com) 4>

GGSCI (rac2.rajasekhar.com) 8> ALTER CREDENTIALSTORE REPLACE USER oggadmin PASSWORD oggadmin_987 ALIAS ogg

Credential store altered.

GGSCI (rac2.rajasekhar.com) 9> DBLOGIN USERIDALIAS ogg
Successfully logged into database.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 10>

— OR —


7.2 Change password at GoldenGate level (DOMAIN)

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 14> INFO CREDENTIALSTORE DOMAIN gg

Reading from credential store:

Domain: gg

  Alias: ogg
  Userid: oggadmin

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 15> ALTER CREDENTIALSTORE REPLACE USER oggadmin PASSWORD oggadmin_987 ALIAS ogg DOMAIN gg

Credential store altered.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 16> DBLOGIN USERIDALIAS ogg DOMAIN gg
Successfully logged into database.

GGSCI (rac2.rajasekhar.com as oggadmin@PDEV) 17>


8. Delete user

8.1 Delete user with ALIAS or default

GGSCI (rac2.rajasekhar.com) 18> ALTER CREDENTIALSTORE DELETE USER ogg

Credential store altered.

GGSCI (rac2.rajasekhar.com) 19>

— OR —


8.2 Delete user with ALIAS and DOMAIN

GGSCI (rac2.rajasekhar.com) 15> ALTER CREDENTIALSTORE DELETE USER ogg

ERROR: Credential domain 'OracleGoldenGate' not found in credential store.

GGSCI (rac2.rajasekhar.com) 16> ALTER CREDENTIALSTORE DELETE USER ogg DOMAIN gg

Credential store altered.

GGSCI (rac2.rajasekhar.com) 17>

Caution: Your use of any information or materials on this website is entirely at your own risk. It is provided for educational purposes only. It has been tested internally, however, we do not guarantee that it will work for you. Ensure that you run it in your test environment before using.

Thank you,
Rajasekhar Amudala
Email: br8dba@gmail.com
WhatsApp : +65-94693551
Linkedin: https://www.linkedin.com/in/rajasekhar-amudala/
