Cloning pluggable database when TDE is enabled.
Cloning a pluggable database with encryption offers several benefits and security advantages. Here are some reasons why you might want to clone a pluggable database with encryption:
- Data Protection: Encryption ensures that sensitive data within the pluggable database remains secure. By cloning the database with encryption, you can maintain the same level of protection for the cloned copy, safeguarding sensitive information from unauthorized access.
- Compliance Requirements: Many industries and regulatory frameworks require data encryption as a security measure. If your organization operates in a regulated industry or needs to comply with specific data protection standards, cloning with encryption helps maintain compliance by extending the encryption to the cloned database.
- Security Testing: Cloning a pluggable database with encryption allows you to create a separate environment for security testing purposes. You can evaluate the effectiveness of your encryption mechanisms and identify any vulnerabilities or weaknesses in the encryption implementation without affecting the original database.
- Disaster Recovery: Cloning with encryption enables you to have an encrypted copy of your database readily available for disaster recovery purposes. In the event of data loss or system failure, you can quickly restore the cloned database, which already includes encryption, thereby reducing downtime and ensuring the continuity of operations.
- Data Masking: Cloning a pluggable database with encryption can also be useful when implementing data masking techniques. You can create a clone with encrypted data, and then apply data masking algorithms to obfuscate sensitive information while preserving the encryption. This allows for secure testing and development activities using realistic data.
- Secure Development and Testing: Developers often require realistic data for development and testing purposes. By cloning the pluggable database with encryption, you can provide them with a secure copy of the database that maintains the original encryption, ensuring the confidentiality of sensitive information.
- Confidentiality during Transport: When you clone a pluggable database, the data is often transported between different environments or systems. By utilizing encryption during the cloning process, you can protect the data in transit, reducing the risk of interception or unauthorized access.
Overall, cloning a pluggable database with encryption provides enhanced data protection, compliance adherence, secure testing environments, and improved disaster recovery capabilities. It helps maintain the confidentiality and integrity of sensitive information, ensuring the overall security of your database infrastructure.
Step 1: Make sure the wallet is open in the target CDB.
SQL> show con_name CON_NAME —————————— CDB$ROOT SQL> select con_id, wallet_type, status from v$encryption_wallet; CON_ID WALLET_TYPE STATUS ———- ——————– —————————— 1 AUTOLOGIN OPEN 2 AUTOLOGIN OPEN 3 AUTOLOGIN OPEN SQL>
Step 2: Change parameter one_step_plugin_for_pdb_with_tde to true
SQL> show parameter one_step_plugin_for_pdb_with_tde NAME TYPE VALUE ———————————— ———– —————————— one_step_plugin_for_pdb_with_tde boolean FALSE SQL> alter system set one_step_plugin_for_pdb_with_tde=TRUE scope=both sid=’*’; System altered. SQL> show parameter one_step_plugin_for_pdb_with_tde NAME TYPE VALUE ———————————— ———– —————————— one_step_plugin_for_pdb_with_tde boolean TRUE SQL> show con_name CON_NAME —————————— CDB$ROOT SQL> create pluggable database pdb2 from pdb1 keystore identified by “WALLET_PASSWORD”; Pluggable database created. SQL> SQL> show pdbs CON_ID CON_NAME OPEN MODE RESTRICTED ———- —————————— ———- ———- 2 PDB$SEED READ ONLY NO 3 PDB1 READ WRITE NO 6 PDB2 MOUNTED SQL> alter pluggable database pdb2 open; Pluggable database altered. SQL> show pdbs CON_ID CON_NAME OPEN MODE RESTRICTED ———- —————————— ———- ———- 2 PDB$SEED READ ONLY NO 3 PDB1 READ WRITE NO 6 PDB2 READ WRITE NO SQL> SQL> select con_id, wallet_type, status from v$encryption_wallet; CON_ID WALLET_TYPE STATUS ———- ——————– —————————— 1 AUTOLOGIN OPEN 2 AUTOLOGIN OPEN 3 AUTOLOGIN OPEN 6 AUTOLOGIN OPEN SQL>
No Comments