
Terminology

The following terms are used throughout TDE documentation and are summarized here for clarity. Note that the first occurrence of these terms may be on other documentation pages.

Term

Definition

Keystore/wallet

File found on the Oracle host which stores the keys used to encrypt and decrypt the internal table keys in a database. Every keystore has a password, which is set when the keystore is first created and must be supplied for operations on it.

Parent keystore

Keystore with the keys used to encrypt the dSource PDB files.

Target keystore

Keystore for the target CDB into which the TDE-enabled vPDB is plugged.

Linked CDB Provision

Provisioning to physical CDBs that are configured to use TDE and are part of the target environment added in Delphix Continuous Data Engine.

New Virtual CDB (vCDB) Provision

Provisioning a new vPDB to a new vCDB. During the provisioning workflow, Delphix Continuous Data Engine will create a vCDB in the target environment and configure TDE.

Existing Virtual CDB (vCDB) Provision

Provisioning to existing vCDBs that are configured to use TDE and are part of the target environment added in Delphix Continuous Data Engine.

Auxiliary container database (CDB)

Provisioning an Oracle vPDB requires running recovery to bring the snapshotted datafiles into a consistent state. This needs to be done in the context of a container database, which is created on the target system. After recovery is complete, the vPDB is unplugged and plugged into the target container, and the auxiliary container is deleted.

Artifact directory

Directory on the target system (not on Delphix Continuous Data Engine storage) which stores keys needed to support Delphix Continuous Data Engine workflows on TDE-enabled vPDBs. It is located under the keystores root directory.

Exported keyfile

File located on the target Oracle host which contains keys that have been exported from the keystore. It is encrypted with a secret that is specified when it is exported. The exported keyfile itself cannot be used as a keystore, but its contents can be imported into a new keystore.

Key rotation

Process for changing the master encryption key in the keystore via the ADMINISTER KEY MANAGEMENT SET KEY command. This does not remove the original key; rather, it adds a new key to the wallet, and future data will be encrypted with the new key.

Keyfile secret

Password used to encrypt an exported keyfile.

Keystores root directory

User-specified location on the target system under which all TDE-related artifacts created by Delphix Continuous Data Engine, such as keystores and exported keyfiles, are stored. This includes both the artifact directories used for vPDBs and temporary directories used for auxiliary CDB keystores.

Target Domain

A logical unit in CipherTrust Manager that contains the master encryption keys of the target CDB into which the TDE-enabled vPDB is plugged.

Parent Domain

A logical unit in CipherTrust Manager that contains the master encryption keys used to encrypt the dSource PDB files.

TDE External Key Manager Credential

The credentials used to access the master encryption keys of the External Key Manager.

TDE Encryption Secret

A passphrase or key that serves as an additional layer of protection for your exported master encryption key and/or transport secret during export/import/unplug/plug operations of a vPDB.

OKV Home

Oracle Key Vault Home. The installation directory path of the okvclient.jar binary on the Oracle database host.

Target Endpoint

Oracle database, registered and enrolled with OKV, that contains the target CDB into which the TDE-enabled vPDB is plugged.

Parent Endpoint

Oracle database, registered and enrolled with OKV, that contains the keys used to encrypt the dSource PDB files.
