The purpose of this document is to provide steps that needs to be followed when using Dbvisit Replicate with Oracle TDE. Dbvisit replicate supports Oracle TDE starting with Dbvisit Replicate version 2.9.02 .
From 12c oracle started using the term keystore instead of wallet and replaced command ALTER SYSTEM SET ENCRYPTION with ADMINISTER KEY MANAGEMENT . The keystore can also be stored in ASM , but Dbvisit Replicate 2.9.0.2 only supports keystore stored in the filesystem and does not support keystore stored in ASM. When using TDE with multitenant container databases, the root container(CDB$ROOT) must have a open keystore (wallet) with an Active Master Encryption Key, the pluggable databases can have separate master encryption keys for themselves. Data can be replicated from the TDE Source to a TDE Target and also to a NON-TDE target with some restrictions.
After completing the initial steps like running the ALL.sh script and before starting the MINE and APPLY, you can start the console and run the below command from the console to set the parameters for the TDE. After setting the below parameters you can start MINE/APPLY.
dbvrep> set _MINE_TDE_PASSWORD = kiwi123 // Password defined while creating the Keystore dbvrep> set _MINE_TDE_WALLET = /u01/app/oracle/WALLET/SRCDB // Location of the Keystore |
Below are the steps that must be followed , when changing the keystore password.
Change the Keystore password ,when the keystore is set to AUTOLOGIN.
SQL> ADMINISTER KEY MANAGEMENT ALTER KEYSTORE PASSWORD FORCE KEYSTORE IDENTIFIED BY kiwi123 SET dbvisit123 WITH BACKUP ; keystore altered. |
Now change the TDE password in the MINE to the new password in the console.
dbvrep>set _MINE_TDE_PASSWORD = dbvisit123 |