Skip to main content
Skip table of contents

CLI cookbook: Provisioning a TDE-enabled virtual PDB to a new virtual CDB

This topic describes how to provision a TDE-enabled virtual pluggable database (vPDB) to a virtual container database (vCDB) using the command-line interface.

This process applies to Oracle version 12.2.0.1 or later versions.

Prerequisites

The prerequisites are the same as described in CLI Cookbook: Provisioning a Virtual PDB to a new virtual CDB, additionally the following are the extra prerequisites: 

  • TDE must be configured for the source container database before it’s linked to the engine.

  • The source PDB must have TDE configured before it’s linked as dSources to Delphix.

  • The keystore file of the source container database must be accessible from the target host. If the target database is running in a RAC environment, the keystore file of the source container database must be accessible from all target nodes.

  • If the target database is running in a RAC environment, TDE Keystores Root must be set for each node.

In the example CLI provision detailed below, assuming:

  • The source container database TDE Keystore Password is mySrcCdbTdePwd.

  • The source container database keystore file can be accessed from the target host(s) with path /u01/app/oracle/keystores/cdb12/wallet.

  • The new vCDB’s keystore file will be created under the folder /u01/app/oracle/keystores/cdbvirt/wallet.

  • The new vCDB’s TDE Keystore Password is myVcdbTdePwd.

  • The vPDB’s TDE Secret for Exported Keys is myVpdbTdeSecret.

For more information about TDE parameters, please refer to Provisioning a TDE-enabled vPDB.

Procedure

After following all steps in the Procedure section of CLI Cookbook: Provisioning a Virtual PDB to a new virtual CDB to set provision parameters, set TDE-related parameters as follows before commit: 

  1. Set parentTdeKeystorePath, which is the path used to access the source CDB’s TDE keystore file from target host(s).

    CODE 
    delphix database provision *> set source.parentTdeKeystorePath=/u01/app/oracle/keystores/cdb12/wallet

  1. Set parentTdeKeystorePassword, which is the password of the source CDB’s TDE keystore.

    CODE 
    delphix database provision *> set source.parentTdeKeystorePassword=mySrcCdbTdePwd

  1. Supply tdeExportedKeyFileSecret, which is the password used for exporting the vPDB’s keys to keyfile.

    CODE 
    delphix database provision *> set source.tdeExportedKeyFileSecret=myVpdbTdeSecret

  1. Set targetVcdbTdeKeystorePath, which is the folder where the new vCDB’s TDE keystore file will be created.

    CODE 
    delphix database provision *> set source.targetVcdbTdeKeystorePath=/u01/app/oracle/keystores/cdbvirt/wallet

  1. Set targetVcdbTdeKeystorePassword, which is the password of the new vCDB's TDE keystore.

    CODE 
    delphix database provision *> set source.targetVcdbTdeKeystorePassword=myVcdbTdePwd

After all parameters are set, initiate the provision by committing the operation in the CLI:

CODE 
delphix database provision *> commit

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close