Managing encryption profiles

An encryption profile contains information that is needed to enable or disable encryption.

An encryption profile is required to create an instance of CDC Replication. The simplest encryption profile disables TLS encryption of communication between source and target systems. Encryption profiles can be created to enable TLS encryption and for other uses such as JDBC connections to the database.

Private keystores and trust stores can be created with CDC Replication commands or with third-party tools, such as openssl. An encryption profile refers to an existing trust store file and optionally to an existing private keystore file.

Encryption profiles can be managed with either a graphical user interface or with a command-line interface.

Encryption profiles are stored in the secrets.jks file in the CDC Replication keystore directory. The password that CDC Replication needs to access secrets.jks is stored in secrets.b64.

Important: These two files should be protected from unauthorized reads because they contain the locations and passwords of configured private keystores and trust stores.