Encrypting Trail Files

Learn about the requirements and configuration process used by different key management systems available with Oracle GoldenGate.

Requirements for Setting up an Encryption Profile

The requirements for configuring an encryption profile in Oracle GoldenGate include the following:

You can create multiple encryption profiles within a deployment, but an Oracle GoldenGate process (Extract, Replicat, distribution path) can only use one encryption profile at a time. For distribution paths using filtering, decryption is done to apply the filters but the output trail file remains encrypted. In PASSTHRU, a distribution path will not attempt to use the encryption profile or decrypt the trail file unless explicitly specified.

Any of the existing encryption profiles within a deployment can be set as the default profile. This default profile is only relevant during the creation of an Extract, Replicat or Distribution Path processes. If an encryption profile is not explicitly specified during the creation of a process, the current default profile is assigned to the new process. Changing the default profile does not update the encryption profile assigned to any existing Oracle GoldenGate processes.

Note:

It is advised not to change the encryption profile or master key of a process that has already processed trail files.

The Administration Service web interface allows you to manage your encryption profiles. You cannot modify an encryption profile. If you need to change it, you must delete and add a new profile using the Administration Service.

You can configure encryption profiles from the Administration Service or the Admin Client.

Tool to Set up Encryption Profile Description

Tool to Set up Encryption Profile	Description
Administation Service	Encryption profile can be created using the following providers: Using the Local Wallet Encryption Profile Using Oracle Key Vault Trail File Encryption in Oracle GoldenGate. Using OCI KMS Trail File Encryption in Oracle GoldenGate Using the Plugin Service for Trail File Encryption
Admin Client	The Admin Client commands used to set up the encryption profile for Extract, Replicat, and Distribution Path, include: `ADD ENCRYPTIONPROFILE`, `ALTER ENCRYPTIONPROFILE`, `DELETE ENCRYPTIONPROFILE`, `INFO ENCRYPTIONPROFILE`. Additionally, the `ADD` or `ALTER`, `INFO`, and `DELETE` commands for Extract, Paths, or Replicat have been modified to include the parameter `ENCRYPTIONPROFILE encryption-profile-name`. To know more, see the Command Line Interface Reference for Oracle GoldenGate.

Administation Service

Encryption profile can be created using the following providers:

Admin Client

The Admin Client commands used to set up the encryption profile for Extract, Replicat, and Distribution Path, include:

ADD ENCRYPTIONPROFILE,

ALTER ENCRYPTIONPROFILE,

DELETE ENCRYPTIONPROFILE,

INFO ENCRYPTIONPROFILE.

Additionally, the ADD or ALTER, INFO, and DELETE commands for Extract, Paths, or Replicat have been modified to include the parameter ENCRYPTIONPROFILE encryption-profile-name.

To know more, see the Command Line Interface Reference for Oracle GoldenGate.