Oracle GoldenGate 12c Security (Useridalias & Credential Store)

Share via:

Dear Readers,

In this article we will see Oracle GoldenGate 12c Security (Useridalias & Credential Store).

 We care for your speed. Below is an easy way to perform   Oracle GoldenGate 12c  Security (Useridalias & Credential Store)

ADDCREDENTIALSTORE is a new command in Oracle GoldenGate 12c

The credential store eliminates the need to specify user names and clear text passwords in the oracle goldengate parameter file. It is implemented as an auto login wallet within the Oracle Credential Store Framework (CSF)

We can use USERIDALIAS in an EXTRACT  or REPLICAT   parameter files to map a user specified alias to a userid-password alias which is stored in the credential store.

Note :

Before doing practical example make sure GoldenGate setup was done on Source and Target

On Source Database

On Source database we have DEPT and EMP table to be replicated under AJAY schema.

Let’s check the tables

Connect GGSCI and login with authentication details


Check Extract Parameter file

To clear view check here

In above image we used userid and password details which is not secured for GG.

To Secure GGADMIN user we have credential store feature in  GoldenGate 12c.

Adding Credential Store

  1. On Source database


Connect to GGSCI

Add credentialstore

Now go to dircrd directory, you will find one credentialstore is created here

Note : 

We see that the credentialstore has been created in the dircrd sub directory located in the oracle goldengate software installation home (GG_Home). If we need to create it in any other location like a shared file system, we have to specify that via CREDENTIALSTORELOCATION parameter in the GLOBALS file.

Now we want to add some users to the credential store.

Add credential inside credentialstore

Verify the credentials

Check and stop all the processes

Edit extint parameter file, comment out userid line and add useridalias ggadmin_src as alias

Edit Dpint   parameter file, comment out userid line and add useridalias ggadmin_src as

Now start Extint and Dpint process

Check processors are running fine

Note : Now we can do Transactions on Source to check replication is happening to Target or  not


Verify the credentials

Note: Why we can check dblogin because before making changes to the parameter file we are ensuring that whatever credentials we are providing they are correct.



Note : dblogin was successful on Source we can follow above  steps at Target side as well


Thank you for giving your valuable time to read the above information. Please click here to subscribe for further updates

KTEXPERTS is always active on below social media platforms.

Facebook :
LinkedIn :
Twitter :
YouTube :


Share via:
Note: Please test scripts in Non Prod before trying in Production.
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)

Add Comment