This topic describes how to provision a TDE-enabled virtual pluggable database (vPDB) to a virtual container database (vCDB) using the command-line interface.
This process applies to Oracle version 18.104.22.168 or later versions.
The prerequisites are the same as described in CLI Cookbook: Provisioning a Virtual PDB to a new virtual CDB, additionally the following are the extra prerequisites:
TDE must be configured for the source container database before it’s linked to the engine.
The source PDB must have TDE configured before it’s linked as dSources to Delphix.
The keystore file of the source container database must be accessible from the target host. If the target database is running in a RAC environment, the keystore file of the source container database must be accessible from all target nodes.
If the target database is running in a RAC environment, TDE Keystores Root must be set for each node.
In the example CLI provision detailed below, assuming:
The source container database TDE Keystore Password is
The source container database keystore file can be accessed from the target host(s) with path
The new vCDB’s keystore file will be created under the folder
The new vCDB’s TDE Keystore Password is
The vPDB’s TDE Secret for Exported Keys is
For more information about TDE parameters, please refer to Provisioning a TDE-enabled vPDB.
After following all steps in the Procedure section of CLI Cookbook: Provisioning a Virtual PDB to a new virtual CDB to set provision parameters, set TDE-related parameters as follows before commit:
parentTdeKeystorePath, which is the path used to access the source CDB’s TDE keystore file from target host(s).CODE
delphix database provision *> set source.parentTdeKeystorePath=/u01/app/oracle/keystores/cdb12/wallet
parentTdeKeystorePassword, which is the password of the source CDB’s TDE keystore.CODE
delphix database provision *> set source.parentTdeKeystorePassword=mySrcCdbTdePwd
tdeExportedKeyFileSecret, which is the password used for exporting the vPDB’s keys to keyfile.CODE
delphix database provision *> set source.tdeExportedKeyFileSecret=myVpdbTdeSecret
targetVcdbTdeKeystorePath, which is the folder where the new vCDB’s TDE keystore file will be created.CODE
delphix database provision *> set source.targetVcdbTdeKeystorePath=/u01/app/oracle/keystores/cdbvirt/wallet
targetVcdbTdeKeystorePassword, which is the password of the new vCDB's TDE keystore.CODE
delphix database provision *> set source.targetVcdbTdeKeystorePassword=myVcdbTdePwd
After all parameters are set, initiate the provision by committing the operation in the CLI:
delphix database provision *> commit