You can use Transparent Data Encryption (TDE) to back up to Oracle Database Backup Cloud Service. With TDE you don’t need to provide a password every time you create or restore a backup.
To back up using TDE you need to have a TDE wallet (TDE keystore), which is different from the OPC wallet that stores Oracle Database Backup Cloud Service credentials.
To create a TDE wallet if you don’t already have one:
Add the following line to the
ENCRYPTION_WALLET_LOCATION= (SOURCE=(METHOD=FILE)(METHOD_DATA= (DIRECTORY=path_to_TDE_wallet)))
path_to_TDE_walletis the location where the TDE wallet is to be created; this must be different from the OPC wallet location.
Start SQL*Plus as sys:
sqlplus / as sysdba
Create the TDE wallet in the location specified in
SQLPLUS> alter system set encryption key identified by "TDE-password";
TDE-passwordis the password that must be used to open the TDE wallet.
Whenever the database is restarted, open the TDE wallet with the following command:
SQLPLUS> alter system set encryption wallet open identified by "TDE-password";
For complete information about TDE, see Using Transparent Data Encryption in Oracle Database Advanced Security Guide.
To back up an Oracle database that uses TDE:
Connect Recovery Manager (RMAN) to the target database to be backed up and configure encryption for the database:
RMAN> SET ENCRYPTION ON;
Back up the database:
RMAN> BACKUP DATABASE;
For information about restoring and recovering backups, see Restoring Backups from Oracle Database Backup Cloud Service.