Oracle GoldenGate and Encrypted Tablespaces (TDE) in 11.2

To make GG work with encrypted tablespaces  you have to apply database patch:

Patch  10395645 for Oracle 11.2.0.2.

mkstore -wrl ./ -createEntry ORACLE.SECURITY.CL.ENCRYPTION.ORACLEGG

Supply shared secret for GG ( not wallet password).Last step is to supply wallet password.Copy ewallet.p12 file to other nodes ( if running RAC but not sharing wallet location ).
Do not forget standby databases if you have them.
If you like to see shared secret for GG you can run:

 mkstore -wrl  /u01/app/oracle/wallet -viewEntry ORACLE.SECURITY.CL.ENCRYPTION.ORACLEGG
Create package  dbms_internal_clkm.Package code get created by running script prvtclkm.plb  located under GG home .Once package is created grant execute privileget to GG user:

grant execute on  on thedbms_internal_clkm to gguser;

This package has only one procedure  called GET_KEY with following parameters:

SQL> desc dbms_internal_clkm
PROCEDURE GET_KEY
 Argument Name                  Type                    In/Out Default?
 —————————— ———————– —— ——–
 CLIENT                         VARCHAR2                IN
 MASTER_KEY_ID                  VARCHAR2                IN
 WRAPPED_KEY                    VARCHAR2                IN
 FLAGS                          BINARY_INTEGER          IN
 KEY                            VARCHAR2                OUT
Encrypt the Shared secret key
GGSCI> ENCRYPT PASSWORD “shared key”
Add an entry to the Extract parameter file to decrpt the new shared password

DBOPTIONS  DECRYPTPASSWORD “SHARED KEY”
Close and open wallet to clear caches.If you have wallet enabled with auto login ( file cwallet.sso ) than disable it temporary to close and open wallet.

Advertisements