2.257 ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE
If a pluggable database (PDB) has Transparent Data Encryption-encrypted (TDE-encrypted) tables or tablespaces, you can enable ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE
on the target CDB to simplify the move of TDE keys in a single step PDB move operation.
ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE
eliminates the need of having to manually provide a keystore password when you import the TDE keys into the PDB after it has moved to the target CDB.
Property | Description |
---|---|
Parameter type |
Boolean |
Default value |
|
Modifiable |
|
Modifiable in a PDB |
No |
Range of values |
|
Basic |
No |
Oracle RAC |
A different value can be set for this parameter on different Oracle RAC instances. |
The default for ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE
is FALSE
.
When ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE
is set to TRUE
on the target CDB, the plug in of the PDB does not require a keystore password.
Note:
The ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE
parameter is deprecated in Oracle Database 23ai.
ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE
enables you to clone remotely or to relocate encrypted PDBs without providing the Transparent Data Encryption (TDE) keystore password. However, EXTERNAL STORE
provides the same functionality, and is universally applicable to all ADMINISTER KEY MANAGEMENT
statements that do not change the TDE configuration. Instead of using ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE
, Oracle recommends that you use the IDENTIFIED BY EXTERNAL STORE
clause for the ADMINISTER KEY MANAGEMENT
statement.