Cloning a pluggable database when TDE is enabled

Cloning a pluggable database with encryption offers several benefits and security advantages. Here are some reasons why you might want to clone a pluggable database with encryption:

  1. Data Protection: Encryption ensures that sensitive data within the pluggable database remains secure. By cloning the database with encryption, you can maintain the same level of protection for the cloned copy, safeguarding sensitive information from unauthorized access.
  2. Compliance Requirements: Many industries and regulatory frameworks require data encryption as a security measure. If your organization operates in a regulated industry or needs to comply with specific data protection standards, cloning with encryption helps maintain compliance by extending the encryption to the cloned database.
  3. Security Testing: Cloning a pluggable database with encryption allows you to create a separate environment for security testing purposes. You can evaluate the effectiveness of your encryption mechanisms and identify any vulnerabilities or weaknesses in the encryption implementation without affecting the original database.
  4. Disaster Recovery: Cloning with encryption enables you to have an encrypted copy of your database readily available for disaster recovery purposes. In the event of data loss or system failure, you can quickly restore the cloned database, which already includes encryption, thereby reducing downtime and ensuring the continuity of operations.
  5. Data Masking: Cloning a pluggable database with encryption can also be useful when implementing data masking techniques. You can create a clone with encrypted data, and then apply data masking algorithms to obfuscate sensitive information while preserving the encryption. This allows for secure testing and development activities using realistic data.
  6. Secure Development and Testing: Developers often require realistic data for development and testing purposes. By cloning the pluggable database with encryption, you can provide them with a secure copy of the database that maintains the original encryption, ensuring the confidentiality of sensitive information.
  7. Confidentiality during Transport: When you clone a pluggable database, the data is often transported between different environments or systems. By utilizing encryption during the cloning process, you can protect the data in transit, reducing the risk of interception or unauthorized access.

Overall, cloning a pluggable database with encryption provides enhanced data protection, compliance adherence, secure testing environments, and improved disaster recovery capabilities. It helps maintain the confidentiality and integrity of sensitive information, ensuring the overall security of your database infrastructure.

Step 1: Make sure the wallet is open in the target CDB.

SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> select con_id, wallet_type, status from v$encryption_wallet;
    CON_ID WALLET_TYPE          STATUS
---------- -------------------- ------------------------------
         1 AUTOLOGIN            OPEN
         2 AUTOLOGIN            OPEN
         3 AUTOLOGIN            OPEN
SQL>

Step 2: Change parameter one_step_plugin_for_pdb_with_tde to true

SQL> show parameter one_step_plugin_for_pdb_with_tde
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
one_step_plugin_for_pdb_with_tde     boolean     FALSE
SQL> alter system set one_step_plugin_for_pdb_with_tde=TRUE scope=both sid='*';
System altered.
SQL> show parameter one_step_plugin_for_pdb_with_tde
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
one_step_plugin_for_pdb_with_tde     boolean     TRUE
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> create pluggable database pdb2 from pdb1 keystore identified by "WALLET_PASSWORD";
Pluggable database created.
SQL>
SQL> show pdbs
    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 PDB1                           READ WRITE NO
         6 PDB2                           MOUNTED
SQL> alter pluggable database pdb2 open;
Pluggable database altered.
SQL> show pdbs
    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 PDB1                           READ WRITE NO
         6 PDB2                           READ WRITE NO
SQL>

SQL> select con_id, wallet_type, status from v$encryption_wallet;
    CON_ID WALLET_TYPE          STATUS
---------- -------------------- ------------------------------
         1 AUTOLOGIN            OPEN
         2 AUTOLOGIN            OPEN
         3 AUTOLOGIN            OPEN
         6 AUTOLOGIN            OPEN
SQL>
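
A post-clone check, added here as an example and not part of the original post: run from CDB$ROOT, it compares tablespace encryption state between the source and the clone and lists the master keys recorded for the clone. It assumes the PDB1 and PDB2 names from the session above and a common user with SELECT access to the V$ views.

```sql
-- Added example: post-clone TDE checks, run as a common user in CDB$ROOT.
-- PDB1 (source) and PDB2 (clone) are the names used in the session above.

-- 1. Encryption state of every tablespace in both PDBs, side by side.
select p.name                   as pdb_name,
       t.name                   as tablespace_name,
       nvl(e.encryptedts, 'NO') as encrypted,
       e.encryptionalg
from   v$pdbs p
join   v$tablespace t
       on t.con_id = p.con_id
left join v$encrypted_tablespaces e
       on e.con_id = t.con_id and e.ts# = t.ts#
where  p.name in ('PDB1', 'PDB2')
order  by t.name, p.name;

-- 2. Tablespaces whose encryption state differs between source and clone,
--    or that exist in only one of them. Any row returned is a mismatch
--    to investigate before the clone is handed to anyone.
select tablespace_name, pdb1_encrypted, pdb2_encrypted
from  (select t.name as tablespace_name,
              nvl(max(case when p.name = 'PDB1'
                           then nvl(e.encryptedts, 'NO') end), 'MISSING') as pdb1_encrypted,
              nvl(max(case when p.name = 'PDB2'
                           then nvl(e.encryptedts, 'NO') end), 'MISSING') as pdb2_encrypted
       from   v$pdbs p
       join   v$tablespace t
              on t.con_id = p.con_id
       left join v$encrypted_tablespaces e
              on e.con_id = t.con_id and e.ts# = t.ts#
       where  p.name in ('PDB1', 'PDB2')
       group  by t.name)
where  pdb1_encrypted <> pdb2_encrypted;

-- 3. Master keys recorded for the clone's container (key identifiers only,
--    not key material).
select k.con_id, k.key_id, k.creator_pdbname, k.activation_time
from   v$encryption_keys k
where  k.con_id = (select con_id from v$pdbs where name = 'PDB2')
order  by k.activation_time;
```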

Harshad Vengurlekar

Experienced OCM-certified Oracle Database Administrator with over 18 years of expertise in designing, implementing, and managing complex database solutions. My expertise spans performance optimization, security, and high-stakes solution implementation. Adept at managing complex environments with precision.
