Credential Store

Credential Store - OGG 12.1 New Feature

The credential store manages user IDs and their encrypted passwords

A Credential Store is a User ID and Password storage mechanism that utilizes the auto login wallet within the Oracle Credential Store Framework to store and encrypt sensitive information, which in turn will be accessed by GoldenGate processes via ALIAS parameters, such as USERIDALIAS and ASMUSERIDALIAS.

The Credential Store is created in the default directory dircrd under the Oracle GoldenGate installation directory.

We can't change the ALIAS name, if you really want to change then delete and re-create

We can create multiple ALIAS names for same userid 

GGSCI (rac2.DBA Learning Hub.com) 1> dblogin userid oggadmin, password oggadmin_123
Successfully logged into database.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 2> 

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 2>  sh ls -ltr /u01/app/oracle/product/12.3/ogg/dircrd

total 0  <-----------

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 3>  ADD CREDENTIALSTORE

Credential store created.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 4>  sh ls -ltr /u01/app/oracle/product/12.3/ogg/dircrd

total 4
-rw-r-----. 1 oracle oinstall 418 Apr  1 14:31 cwallet.sso <------

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 5> 

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 9> ALTER CREDENTIALSTORE ADD USER oggadmin PASSWORD oggadmin_123 ALIAS ogg DOMAIN gg

Credential store altered.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 10>

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 17> ALTER CREDENTIALSTORE ADD USER oggadmin@PDEV PASSWORD oggadmin_987 ALIAS oggs

Credential store altered.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 18> 

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 6> INFO CREDENTIALSTORE

Reading from credential store:

Default domain: OracleGoldenGate

 Alias: ogg
Userid: oggadmin

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 7>

--- OR ---

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 19> ALTER CREDENTIALSTORE ADD USER oggadmin PASSWORD oggadmin_987 ALIAS ogg

Credential store altered.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 20> info CREDENTIALSTORE

Reading from credential store:

Default domain: OracleGoldenGate

Alias: oggs
Userid: oggadmin@PDEV

Alias: ogg
Userid: oggadmin

Other domains:

gg

To view other domains, use INFO CREDENTIALSTORE DOMAIN

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 21>

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 11> INFO CREDENTIALSTORE DOMAIN gg

Reading from credential store:

Domain: gg

Alias: ogg
Userid: oggadmin

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 12>

6. Login to GoldenGate using USERIDALIAS

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 7> DBLOGIN USERIDALIAS ogg
Successfully logged into database.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 8>

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 12> DBLOGIN USERIDALIAS ogg DOMAIN gg
Successfully logged into database.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 13>

-- Incase of password change at database level due security reasons, then we need to change at GoldenGate level as well

SQL> alter user oggadmin identified by oggadmin_987;

User altered.

SQL>

GGSCI (rac2.DBA Learning Hub.com) 1> DBLOGIN USERIDALIAS ogg
ERROR: Unable to connect to database using user oggadmin. Ensure that the necessary privileges are granted to the user.
OCI Error ORA (status = 1017-ORA-01017: invalid username/password; logon denied
).

GGSCI (rac2.DBA Learning Hub.com) 2>

GGSCI (rac2.DBA Learning Hub.com) 3> INFO CREDENTIALSTORE

Reading from credential store:

Default domain: OracleGoldenGate

  Alias: ogg
  Userid: oggadmin

GGSCI (rac2.DBA Learning Hub.com) 4>

GGSCI (rac2.DBA Learning Hub.com) 8> ALTER CREDENTIALSTORE REPLACE USER oggadmin PASSWORD oggadmin_987 ALIAS ogg

Credential store altered.

GGSCI (rac2.DBA Learning Hub.com) 9> DBLOGIN USERIDALIAS ogg
Successfully logged into database.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 10>

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 14> INFO CREDENTIALSTORE DOMAIN gg

Reading from credential store:

Domain: gg

  Alias: ogg
  Userid: oggadmin

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 15> ALTER CREDENTIALSTORE REPLACE USER oggadmin PASSWORD oggadmin_987 ALIAS ogg DOMAIN gg

Credential store altered.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 16> DBLOGIN USERIDALIAS ogg DOMAIN gg
Successfully logged into database.

GGSCI (rac2.DBA Learning Hub.com as oggadmin@PDEV) 17>

GGSCI (rac2.DBA Learning Hub.com) 18> ALTER CREDENTIALSTORE DELETE USER ogg

Credential store altered.

GGSCI (rac2.DBA Learning Hub.com) 19>

GGSCI (rac2.DBA Learning Hub.com) 15> ALTER CREDENTIALSTORE DELETE USER ogg

ERROR: Credential domain 'OracleGoldenGate' not found in credential store.

GGSCI (rac2.DBA Learning Hub.com) 16> ALTER CREDENTIALSTORE DELETE USER ogg DOMAIN gg

Credential store altered.

GGSCI (rac2.DBA Learning Hub.com) 17>