Key Transfer in Support of Oracle RMAN and Oracle Data Pump

Oracle RMAN and/or Oracle Data Pump may require the ability to supply the master key to another OKM cluster.

OKM supports this through its secure key export and key import services. See Transfer Keys Between Clusters for more information.

  1. Establish key transfer partners between the source and destination OKM clusters.
  2. Identify the TDE master keys to be exported in support of Oracle RMAN backups or encrypted data exported using Oracle Data Pump.
  3. Export the keys from the source OKM cluster. This will create a secure key export file.
  4. Transmit the exported key file to the transfer partner.
  5. The destination transfer partner imports the keys into their OKM cluster.

Run the Oracle RMAN restore or Oracle Data Pump import to re-create the database instance that requires the keys. The importing location must have completed the configuration steps necessary to use TDE with OKM. The restore or import operation then accesses the OKM for the universal master keys required to decrypt the column or tablespace keys used by the database instance.