Backing Up to Oracle Database Backup Cloud Service Using Transparent Data Encryption (TDE)
You can use Transparent Data Encryption (TDE) to back up to Oracle Database Backup Cloud Service. With TDE you don’t need to provide a password every time you create or restore a backup.
Prerequisites
To back up using TDE you need to have a TDE wallet (TDE keystore), which is different from the OPC wallet that stores Oracle Database Backup Cloud Service credentials.
See Prerequisites for Backups and Restores with Oracle Database Backup Cloud Service for prerequisites.
Procedure
To create a TDE wallet if you don’t already have one:
-
Add the following line to the
sqlnet.orafile:ENCRYPTION_WALLET_LOCATION= (SOURCE=(METHOD=FILE)(METHOD_DATA= (DIRECTORY=path_to_TDE_wallet)))where
path_to_TDE_walletis the location where the TDE wallet is to be created; this must be different from the OPC wallet location. -
Start SQL*Plus as sys:
sqlplus / as sysdba
-
Create the TDE wallet in the location specified in
sqlnet.ora:SQLPLUS> alter system set encryption key identified by "TDE-password";where
TDE-passwordis the password that must be used to open the TDE wallet. -
Whenever the database is restarted, open the TDE wallet with the following command:
SQLPLUS> alter system set encryption wallet open identified by "TDE-password";
For complete information about TDE, see Using Transparent Data Encryption in Oracle Database Advanced Security Guide.
To back up an Oracle database that uses TDE:
-
Connect Recovery Manager (RMAN) to the target database to be backed up and configure encryption for the database:
RMAN> SET ENCRYPTION ON;
-
Back up the database:
RMAN> BACKUP DATABASE;
For information about restoring and recovering backups, see Restoring Backups from Oracle Database Backup Cloud Service.