CLI cookbook: Provisioning a TDE-enabled vPDB in a target CDB
This topic describes how to provision a TDE-enabled virtual pluggable database (vPDB) in a target CDB (a linked CDB or existing vCDB) using the command-line interface.
This process applies to Oracle version 12.2.0.1 or later versions.
Prerequisites
The prerequisites are the same as described in CLI Cookbook: Provisioning a Virtual PDB in a Target CDB, plus the following extra prerequisites:
TDE must be configured for the source container database before it’s linked to the engine.
The source PDB must have TDE configured before it’s linked as dSources to Delphix.
The keystore file of the source container database must be accessible from the target host. If the target database is running in a RAC environment, the keystore file of the source container database must be accessible from all target nodes.
TDE Keystore Password must be set for the target CDB.
If the target database is running in a RAC environment, TDE Keystores Root must be set for each node.
In the example CLI provision detailed below, assuming:
The source container database TDE Keystore Password is
mySrcCdbTdePwd
.The source container database keystore file can be accessed from the target host(s) with path
/u01/app/oracle/keystores/cdb12/wallet
.The vPDB’s TDE Secret for Exported Keys is
myVpdbTdeSecret
.
For more information about TDE parameters, please refer to Provisioning a TDE-enabled vPDB.
Procedure
After following all steps in the Procedure section of CLI Cookbook: Provisioning a Virtual PDB in a Target CDB to set provision parameters, set TDE-related parameters as follows before the commit:
Set
parentTdeKeystorePath
, which is the path used to access the source CDB’s TDE keystore file from the target host(s).CODEdelphix database provision *> set source.parentTdeKeystorePath=/u01/app/oracle/keystores/cdb12/wallet
Set
parentTdeKeystorePassword
, which is the password of the source CDB’s TDE keystore.CODEdelphix database provision *> set source.parentTdeKeystorePassword=mySrcCdbTdePwd
Supply
tdeExportedKeyFileSecret
, which is the password used for exporting the vPDB’s keys to the keyfile.CODEdelphix database provision *> set source.tdeExportedKeyFileSecret=myVpdbTdeSecret
After all the parameters are set, initiate the provision by committing the operation in the CLI:
delphix database provision *> commit