This note describe how we can configure TDE encryption for RMAN backup in on-premise database to migrate to Oracle cloud.
1.First I need to update sqlnet.ora with proper location where my wallet will reside to enable TDE encryption.
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/12.2.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
ENCRYPTION_WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA=
(DIRECTORY=/var/opt/oracle/hdg/tde_wallet)
)
)
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER = (RC4_256, AES256)
SQLNET.ENCRYPTION_CLIENT = requested
SQLNET.ENCRYPTION_TYPES_CLIENT = (RC4_256, AES256)
2.Now I need to create the directory and restart the listener.
mkdir -p /var/opt/oracle/hdg/tde_wallet
3.Connect to the root container and create the keystore. Please restart database if you find nothing in v$encryption_wallet.
SQL> administer key management create keystore '/var/opt/oracle/hdg/tde_wallet' identified by manager123; keystore altered. SQL> administer key management set keystore open identified by manager123; keystore altered. SQL> administer key management set key identified by manager123 with backup using 'TDE'; keystore altered.
If you want to enable autologin,you can do below
SQL> administer KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM keystore '/u01/app/oracle/tde_wallet' identified by manager123;
keystore altered.
For special case,where you deleted the old keystore , you need to do following step
QL> administer key management create keystore '/u01/app/oracle/local/wallet_orcl' identified by manager123; keystore altered. SQL> select CON_ID,KEY_ID,KEYSTORE_TYPE,CREATOR_DBNAME,CREATOR_PDBNAME from v$encryption_keys; no rows selected SQL> ALTER SYSTEM SET "_db_discard_lost_masterkey"=TRUE SCOPE=MEMORY; System altered. SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY manager123; keystore altered.
4.If you have PDB,you need to connect to PDB and check whether auto login is enabled from PDB
SQL>alter session set container=PDB1;
SQL> select * from v$encryption_wallet;
FILE
OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNDEFINED
4
You can see OPEN_NO_MASTER_KEY which will create problem during backup after setting encryption.
SQL> alter tablespace system ENCRYPTION online using 'AES256' encrypt FILE_NAME_CONVERT = ('system01.dbf', 'system01_encrypt.dbf');
alter tablespace system ENCRYPTION online using 'AES256' encrypt FILE_NAME_CONVERT = ('system01.dbf', 'system01_encrypt.dbf')
*
ERROR at line 1:
ORA-28374: typed master key not found in wallet
Now please follow below step to resolve .This step is valid for 12.2:-
SQL> ADMINISTER KEY MANAGEMENT SET KEY FORCE KEYSTORE IDENTIFIED BY manager123 with backup; keystore altered. SQL> select * from v$encryption_wallet; FILE OPEN AUTOLOGIN SINGLE NO 4
5.Convert non-encrypted tablespace to encrypted online in 12.2 to support TDE encryption.
SQL> alter tablespace system ENCRYPTION online using 'AES256' encrypt FILE_NAME_CONVERT = ('system01.dbf', 'system01_encrypt.dbf');
Tablespace altered.
0 comments on “TDE encryption setup for migrating on-premise backup to Oracle cloud using RMAN”
pharmacie en ligne france pas cher cialis sans ordonnance pharmacie en ligne livraison europe