This topic describes how to provision a VDB from an encrypted database.
The Delphix Engine supports provisioning from a dSource linked to a physical database that has been encrypted with Oracle's Transparent Database Encryption (TDE), which can be used to encrypt columns or tablespaces.
Provisioning a VDB from an encrypted dSource requires that you have an auto-open wallet set up in the target environment, because the provisioning process requires the master key stored in the wallet file. You can either set up an auto-open wallet for the source database and copy the auto-open wallet files (both
cwallet.sso) to the target environment, or first copy the encryption wallet file (
ewallet.p12) to the target environment, and then generate an auto-open wallet from the encryption wallet file.
When provisioning a VDB from an encrypted dSource, if the target environment has other databases that also use TDE, each database should use a different wallet. Please check Oracle documentation on how to set up different wallet locations for different databases. For example, you can use
$ORACLE_SID in the
DIRECTORY clause of the
ENCRYPTION_WALLET_LOCATION parameter in
Check for any encrypted columns or tablespaces on the source database by using these commands:
SELECT t.name name, e.encryptionalg algorithm FROM v$tablespace t, v$encrypted_tablespaces e WHERE t.ts# = e.ts# and upper(e.encryptedts) = 'YES';
Copy wallet files from the source database to the target environment, and then configure the
sqlnet.orafile on the target to point to the directory where the wallet is located.
$ more sqlnet.ora ENCRYPTION_WALLET_LOCATION=(SOURCE(METHOD=file) (METHOD_DATA=(DIRECTORY=/opt/oracle/oradata/nf/wallet)))
If the source database does not use auto-open wallet, create the auto-open wallet at the target environment.
$ orapki wallet create -wallet /opt/oracle/oradata/nf/wallet -auto_login
Proceed with provisioning the VDB as described in Provisioning an Oracle VDB.