Export/Import Keys from non-CDB to PDB
Export keys from Source Database
Connect to the source database.
Make sure the keystore is open on the source:
select wrl_type,con_id,wrl_parameter,status from v$encryption_wallet;
If not Open: administer key management set keystore open identified by "password";
Make sure WALLET_TYPE is not AUTOLOGIN. If WALLET_TYPE = AUTOLOGIN, see steps below to set up an explicit password before export.
NOTE: This will cause an outage on the source database, as you will have to close and re-open the wallet.
If the database was upgraded from 11g, you will need to perform a rekey of the master key first.
To check whether you need to perform a rekey:
select creator_dbname, CREATOR_INSTANCE_NAME from v$encryption_keys;
If these columns are NULL, then you will need to rekey:
select key_id from v$encryption_keys; -- will generally be 1 row
ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY password WITH BACKUP;
select key_id from v$encryption_keys; -- you will see an extra row added compared with the previous run
Export Keystore from Source
ADMINISTER KEY MANAGEMENT EXPORT KEYS WITH SECRET "password"
TO '/u02/storage/TDE/export2.exp' IDENTIFIED BY password;
Import keys into PDB
Create PDB from non-CDB after the rekey is performed
Copy export file to CDB Host /u02/storage/PDB
Connect to CDB and make sure wallet is open
select wrl_type,con_id,wrl_parameter,status from v$encryption_wallet;
If not Open: administer key management set keystore open identified by "password";
Connect to PDB and make sure wallet is open
select wrl_type,con_id,wrl_parameter,status from v$encryption_wallet;
If not Open: administer key management set keystore open identified by "password";
Import Keystore
ADMINISTER KEY MANAGEMENT IMPORT ENCRYPTION KEYS WITH SECRET "password"
FROM '/u02/storage/PDB/export2.exp' IDENTIFIED BY password WITH BACKUP;
select key_id from v$encryption_keys;
Close and Open PDB
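The final "select key_id from v$encryption_keys" check above can be scripted. The following is an added example, not part of the original post: it compares the key_id list spooled on the source after the rekey with the list spooled in the PDB after the import and reports any key that did not arrive. The spool file names and key_id values are constructed, and it assumes each key_id appears as one long base64-style token on its own line of SQL*Plus output.

```shell
#!/bin/sh
# Print key_ids present in the source spool ($1) but absent from the PDB spool ($2).
# Header, separator, blank and "rows selected" lines in the spools are skipped.
missing_keys() {
  awk '
    { gsub(/^[ \t]+|[ \t\r]+$/, "") }             # trim padding and CR
    # assumption: a key_id is one long base64-style token on its own line
    length($0) < 40 || $0 !~ /^[A-Za-z0-9+\/]+=*$/ { next }
    FILENAME == ARGV[1] { in_pdb[$0] = 1; next }  # first file read: PDB keys
    !($0 in in_pdb)                               # second file: source keys
  ' "$2" "$1"
}

# 0 = every source key is in the PDB, 1 = at least one is missing,
# 2 = the source spool held no key_id rows (wrong or empty file).
verify_import() {
  if [ -z "$(missing_keys "$1" /dev/null)" ]; then
    echo "no key_id rows found in $1" >&2
    return 2
  fi
  missing=$(missing_keys "$1" "$2")
  if [ -n "$missing" ]; then
    printf 'missing from PDB keystore:\n%s\n' "$missing" >&2
    return 1
  fi
  echo "all source key_ids are present in the PDB"
}

# Constructed sample spools (made-up key_ids, not real keys).
K1=ConstructedKeyId0001AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
K2=ConstructedKeyId0002AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
demo=$(mktemp -d)
# Source after the rekey: the original key plus the new one.
printf 'KEY_ID\n------\n%s\n%s\n\n2 rows selected.\n' "$K1" "$K2" > "$demo/source_keys.lst"
# PDB before the import (only one key) and after it (both keys, any order).
printf 'KEY_ID\n------\n%s  \r\n\n1 row selected.\n' "$K1" > "$demo/pdb_before.lst"
printf 'KEY_ID\n------\n%s\n%s\n' "$K2" "$K1" > "$demo/pdb_after.lst"

verify_import "$demo/source_keys.lst" "$demo/pdb_before.lst" || echo "-> import incomplete"
verify_import "$demo/source_keys.lst" "$demo/pdb_after.lst"
```

A non-zero return before the PDB is closed and reopened means the import did not bring over every master key from the source keystore.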