Updating the Oracle Shared Secret in the Parameter File

Use this procedure to update and encrypt the TDE shared secret within the Extract parameter file.

Run GGSCI.
Stop the Extract process.
```
STOP EXTRACT group
```
Modify the ORACLEGG entry in the Oracle wallet. ORACLEGG must remain the name of the key. For instructions, see Oracle Database Advanced Security Guide.
Issue the ENCRYPT PASSWORD command to encrypt the new shared secret.
```
ENCRYPT PASSWORD sharedsecret {AES128 | AES192 | AES256} ENCRYPTKEY keyname
```
Where:
- sharedsecret is the clear-text shared secret. This value is case-sensitive.
- {AES128 | AES192 | AES256} specifies Advanced Encryption Standard (AES) encryption. Specify one of the values, which represents the desired key length.
- keyname is the logical name of the encryption key in the ENCKEYS lookup file.
  
  Example:
```
ENCRYPT PASSWORD sharedsecret AES256 ENCRYPTKEY mykey1
```
In the Extract parameter file, use the DBOPTIONS parameter with the DECRYPTPASSWORD option. As input, supply the encrypted shared secret and the Oracle GoldenGate-generated or user-defined decryption key.
```
DBOPTIONS DECRYPTPASSWORD sharedsecret {AES128 | AES192 | AES256} ENCRYPTKEY keyname
```
Where:
- sharedsecret is the encrypted shared secret.
- {AES128 | AES192 | AES256} must be same value that was used for ENCRYPT PASSWORD.
- keyname is the logical name of the encryption key in the ENCKEYS lookup file.
  
  Example:
```
DBOPTIONS DECRYPTPASSWORD AACAAAAAAAAAAAIALCKDZIRHOJBHOJUH AES256 ENCRYPTKEY mykey1
```
Log in to SQL*Plus as a user with the SYSDBA system privilege.

Close and then re-open the wallet.

SQL> alter system set encryption wallet close identified by "hsm/wallet_password";
System altered.
SQL> alter system set encryption wallet open identified by "hsm/wallet_password";
System altered.

Start Extract.
```
START EXTRACT group
```