Best practices in security management encourage separation of duties and within security functions always default to the least privileges. OCI Database Migration adheres to these principles by making SSH access keys optional during database connection registration, thus database access can be centrally and securely maintained.
This feature eliminates the need to provide an SSH user with sudo access to your database hosts, and the service will handle the upload and download of dumps through HTTPS securely when the registered connection is not Autonomous Database.
There are two prerequisites for this functionality:
1. A wallet needs to be created by the user with the required SSL certificates on the Database file system. We provide the option to download a pre-created one, but we also guide the user in case they want to manually create the wallet.
2. The user performing the export or import requires the necessary network ACL grants to access the network from the source and target database host.
If SSH access is still preferred then our users can still provide those values during the database create connection, we have kept them but are now optional.
For more details on this functionality please visit our documentation here.
Jorge Martinez is a Product Manager in the GoldenGate organization focusing on OCI Database Migration service.