Backing Up to Oracle Database Backup Cloud Service Using Transparent Data Encryption (TDE)

You can use Transparent Data Encryption (TDE) to back up to Oracle Database Backup Cloud Service. With TDE you don’t need to provide a password every time you create or restore a backup.

To back up using TDE you need to have a TDE wallet (TDE keystore), which is different from the OPC wallet that stores Oracle Database Backup Cloud Service credentials.

To create a TDE wallet if you don’t already have one:

  1. Add the following line to the sqlnet.ora file:

    ENCRYPTION_WALLET_LOCATION=
      (SOURCE=(METHOD=FILE)(METHOD_DATA=
        (DIRECTORY=path_to_TDE_wallet)))
    

    where path_to_TDE_wallet is the location where the TDE wallet is to be created; this must be different from the OPC wallet location.

  2. Start SQL*Plus as sys:

    sqlplus / as sysdba
  3. Create the TDE wallet in the location specified in sqlnet.ora:

    SQLPLUS> alter system set encryption key identified by "TDE-password";

    where TDE-password is the password that must be used to open the TDE wallet.

  4. Whenever the database is restarted, open the TDE wallet with the following command:

    SQLPLUS> alter system set encryption wallet open identified by "TDE-password";

For complete information about TDE, see Using Transparent Data Encryption in Oracle Database Advanced Security Guide.

To back up an Oracle database that uses TDE:

  1. Connect Recovery Manager (RMAN) to the target database to be backed up and configure encryption for the database:

    RMAN> SET ENCRYPTION ON;
  2. Back up the database:

    RMAN> BACKUP DATABASE;

For information about restoring and recovering backups, see Restoring Backups from Oracle Database Backup Cloud Service.