The following terms are used throughout TDE documentation and are summarized here for clarity. Note that the first occurrence of these terms may be on other documentation pages.
File found on the Oracle host which stores the keys used to encrypt and decrypt the internal table keys in a database. Every keystore has a password which is set when it is first created, and must be supplied for operations on it.
Keystore with the keys used to encrypt the dSource PDB files.
Keystore for the target CDB into which the TDE-enabled vPDB is plugged.
Linked CDB Provision
Provisioning to physical CDBs that are configured to use TDE and are part of the target environment added in Delphix Continuous Data Engine.
New Virtual CDB (vCDB) Provision
During the workflow for provisioning a new vPDB to a new vCDB, Delphix Continuous Data Engine will create a vCDB in the target environment and configure TDE.
Existing Virtual CDB (vCDB) Provision
Provisioning to existing vCDBs that are configured to use TDE and are part of the target environment added in Delphix Continuous Data Engine.
Auxiliary container database (CDB)
Provisioning an Oracle vPDB requires running recovery to bring the snapshotted datafiles into a consistent state. This needs to be done in the context of a container database, which is created on the target system. After recovery is complete, the vPDB is unplugged and plugged into the target container, and the auxiliary container is deleted.
Directory on the target system (not on Delphix Continuous Data Engine storage) which stores keys needed to support Delphix Continuous Data Engine workflows on TDE-enabled vPDBs. It is located under the keystores root directory.
File located on the target Oracle host which contains keys that have been exported from the keystore. It is encrypted with a secret that is specified when it is exported. The exported keyfile itself cannot be used as a keystore, but its contents can be imported into a new keystore.
Process for changing the master encryption key in the keystore via the
Password used to encrypt an exported keyfile.
Keystores root directory
User-specified location on the target system under which all TDE-related artifacts created by Delphix Continuous Data Engine, such as keystores and exported keyfiles, are stored. This includes both the artifact directories used for vPDBs and temporary directories used for auxiliary CDB keystores.
A logical unit in CipherTrust Manager that contains the master encryption keys of the target CDB into which the TDE-enabled vPDB is plugged.
A logical unit in CipherTrust Manager that contains the master encryption keys used to encrypt the dSource PDB files.
TDE External Key Manager Credential
The credentials used to access the master encryption keys of the External Key Manager.
TDE Encryption Secret
A passphrase or key that serves as an additional layer of protection for your exported master encryption key and/or transport secret during
Oracle Key Vault Home. The installation directory path of the
Oracle database, registered and enrolled with OKV, that contains the target CDB into which the TDE-enabled vPDB is plugged.
Oracle database, registered and enrolled with OKV, that contains the keys used to encrypt the dSource PDB files.