clone PDB with TDE within CDB in 12.2

2023-12-14 02:31:28

How to clone PDB with TDE within CDB in 12.2

SOLUTION

++Existing environment? with TDE. The wallet must be opened password based. If auto login is configured kindly? rename cwallet.sso? ?and close and open the wallet with password based.

[oracle@Anandu tde_wallet]$ orapki wallet display -wallet <wallet_location> -pwd <wallet_password>

Requested Certificates:
Subject: CN=oracle
User Certificates:
Oracle Secret Store entries:
ORACLE.SECURITY.DB.ENCRYPTION.AdLi3Ct6h0/Xv/Yfgn+9nb0AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.Aer1Coezvk8vv6zyiKOQMWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.ASQqVVpxi09hv7u1HIx7cOoAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.AX3nD4mJiU8mvzUWqpjwdSEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY.7ADCF38BD83D1DDFE05326D0810AD331
ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY.7EEE883A99EF450BE053EA3C810AEFC7
ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY.7EEEE05B416562DDE053EA3C810AF64A
ORACLE.SECURITY.ID.ENCRYPTION.
ORACLE.SECURITY.KB.ENCRYPTION.
ORACLE.SECURITY.KM.ENCRYPTION.AdLi3Ct6h0/Xv/Yfgn+9nb0AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.KM.ENCRYPTION.Aer1Coezvk8vv6zyiKOQMWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.KM.ENCRYPTION.ASQqVVpxi09hv7u1HIx7cOoAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ORACLE.SECURITY.KM.ENCRYPTION.AX3nD4mJiU8mvzUWqpjwdSEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Trusted Certificates:
[oracle@Anandu tde_wallet]$

SQL> SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY <Wallet_password>;

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR FULLY_BAC
------------------------------ -------------------- --------- ---------
CON_ID
----------
FILE
/u01/app/oracle/admin/ORCL/tde_wallet/
OPEN PASSWORD SINGLE NO
1

SQL>

++++++++ Cloning the database with TDE. The wallet must be opened password based.

Connect as sys as sysdba and perform the below action?

SQL> create pluggable database PDB2 from PDB1 keystore identified by <wallet_password>;

Pluggable database created.

SQL>

SQL> show PDBS

CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PDB1 READ WRITE NO
4 BTEST READ WRITE NO
5 BTEST1 READ WRITE NO
6 ANANDUTST READ WRITE NO
7 PDB2 MOUNTED
SQL> alter pluggable database PDB2 open;

Pluggable database altered.

SQL> show PDBS

SQL> alter session set container=PDB2;

Session altered.

SQL> select key_id from v$encryption_keys;

no rows selected

SQL> select * from v$encryption_wallet;

CLOSED UNKNOWN SINGLE UNDEFINED
7

++ Wallet will be closed and open it manually.

++ Master encryption key will not show in the v$encryption key? as it is using the old the master encryption which already loaded in the memory.?

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY <wallet_password>;

keystore altered.

SQL> select key_id from v$encryption_keys;

no rows selected

SQL> select * from v$encryption_wallet;

OPEN PASSWORD SINGLE NO
7

SQL> shutdown immediate

Pluggable Database closed.
SQL> startup
Pluggable Database opened.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY <Wallet_password>;

keystore altered.

SQL> select * from v$encryption_wallet;

OPEN PASSWORD SINGLE NO
7

SQL> select key_id from v$encryption_keys;

no rows selected

SQL> select * from v$tablespace;

TS# NAME INC BIG FLA ENC CON_ID
---------- ------------------------------ --- --- --- --- ----------
0 SYSTEM YES NO YES 7
1 SYSAUX YES NO YES 7
2 UNDOTBS1 YES NO YES 7
3 TEMP NO NO YES 7
5 USERS YES NO YES 7

SQL> show con_name

CON_NAME
------------------------------
PDB2
SQL> create tablespace test datafile '/u02/app/oracle/oradata/ORCL/test01.dbf' size 50 M ENCRYPTION USING 'AES256'
DEFAULT STORAGE(ENCRYPT); 2

Tablespace created.

SQL> select key_id from v$encryption_keys;

no rows selected

[oracle@Anandu admin]$ sqlplus username/password@pdb2

SQL*Plus: Release 12.2.0.1.0 Production on Tue Feb 19 06:36:15 2019

Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

SQL> CREATE TABLE tde_test (
id NUMBER(10),
data VARCHAR2(50) ENCRYPT
); 2 3 4

Table created.

SQL>

SQL> INSERT INTO tde_test VALUES (1, 'This is a secret!');

1 row created.

SQL> commit;

Commit complete.

SQL>

SQL> select TABLESPACE_NAME,ENCRYPTED from dba_tablespaces ;

TABLESPACE_NAME ENC
------------------------------ ---
SYSTEM NO
SYSAUX NO
UNDOTBS1 NO
TEMP NO
USERS YES
TEST YES

6 rows selected.

SQL>

++ With existing key the database will be opened read write mode and you can create tablespace and table without problem.
++ However v$encryption_keys will show empty. If you want to set the new master encryption key for this new PDB then follow the below procedure .

SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY<wallet_password> with backup;

keystore altered.

SQL> select key_id from v$encryption_keys;

KEY_ID
------------------------------------------------------------------------------
AecyPt1vA09Qv+yatfBvT5UAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

文章来源:https://blog.csdn.net/jnrjian/article/details/134917551
本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若内容造成侵权/违法违规/事实不符，请联系我的编程经验分享网邮箱：veading@qq.com进行投诉反馈，一经查实，立即删除！